Re: The Apache docs readPost causing SIGSEGV
Please check how you are creating the formData[i].key and format[i].value fields. If you are using the POST data in the structure, it is not NULL terminated. You have to do your own NULL termination, or (when it reads out of bounds) you get a SIGSEGV. Unless you are lucky and have NULL characters in your own module. I don't like using the apr_pstrdup, I use the apr_pstrndup form because I have complete control of size, and I make it one character bigger, and add a NULL termination to the string JUST to make sure. I had enough SIGSEGV's in my life to call it a best practice to make sure the character is there. Joe On Mon, May 18, 2015 at 1:45 PM, Vitaliy Kaplenko eps_...@yahoo.com.invalid wrote: Hi, I am developing a module for Apache that requires parsing form data. As example I have used Retrieve variables from POST form data from http://httpd.apache.org/docs/2.4/developer/modguide.html#snippets. When I try to retrieve variables from Post data, in the example row: ap_rprintf(r, %s = %s\n, formData[i].key, formData[i].value); I got:Program received signal SIGSEGV, Segmentation fault.strlen () at ../sysdeps/x86_64/strlen.S:106106 movdqu (%rax), %xmm12 Is there any way to pass it?Thanks!
Re: A web based terminal emulator as an Apache module?
Here is a good example thread : http://grokbase.com/t/apache/modules-dev/11bp9bhxr5/basic-example-shared-memory-code On Fri, Jan 9, 2015 at 10:35 AM, Joe Lewis jle...@silverhawk.net wrote: It is definitely possible to share information - see the apr_shm_* functions (or check the history on this list for shared memory). Eash POST request is considered a separate event, and is processed as such, which means there is no state in the protocol itself (there is when you add HTTP headers into the mix, such as cookies). For what you are trying to do - I'd simply assume it's stateless, and design any modules to utilize shared memory. Joe On Fri, Jan 9, 2015 at 9:30 AM, Sean Neeley sean.nee...@producepro.com wrote: I'm trying to determine if it is plausible to build an apache module for a web based terminal emulator. I would be borrowing some of the code from the ShellInaBox project: https://code.google.com/p/shellinabox/ The code uses openpty() to create a new process operating in a pseudo-tty. The apache module would have to pass keyboard and display information back and forth from the client browser to the pseudo-tty in the module. It seems like with the pre-fork mpm, I cannot guarantee that the ajax POST requests will make it to the same module instance each time. Are modules stateless? Is it possible to share the pseudo-tty and hashmaps keeping session information across all instances of my module? Or is there anything that can be added to the POST request to guarantee that it goes to a specific module instance? Thanks for the help. - Sean
Re: A web based terminal emulator as an Apache module?
It is definitely possible to share information - see the apr_shm_* functions (or check the history on this list for shared memory). Eash POST request is considered a separate event, and is processed as such, which means there is no state in the protocol itself (there is when you add HTTP headers into the mix, such as cookies). For what you are trying to do - I'd simply assume it's stateless, and design any modules to utilize shared memory. Joe On Fri, Jan 9, 2015 at 9:30 AM, Sean Neeley sean.nee...@producepro.com wrote: I'm trying to determine if it is plausible to build an apache module for a web based terminal emulator. I would be borrowing some of the code from the ShellInaBox project: https://code.google.com/p/shellinabox/ The code uses openpty() to create a new process operating in a pseudo-tty. The apache module would have to pass keyboard and display information back and forth from the client browser to the pseudo-tty in the module. It seems like with the pre-fork mpm, I cannot guarantee that the ajax POST requests will make it to the same module instance each time. Are modules stateless? Is it possible to share the pseudo-tty and hashmaps keeping session information across all instances of my module? Or is there anything that can be added to the POST request to guarantee that it goes to a specific module instance? Thanks for the help. - Sean
Re: debugging ssl packet drop
Another possible list thst would be good would be the HTTPD development list. You may need the author of mod_ssl. Thanks, Joe Lewis Original message From: Pon Umapathy Kailash S pon.umapa...@gmail.com Date: 10/18/2014 4:28 AM (GMT-07:00) To: modules-dev@httpd.apache.org Subject: Re: debugging ssl packet drop Hi, I resent the mail since I didn't receive a copy of my first mail and I am subscribed to this list as well. In any case, I am not asking for help to debug any network issues here (if you read the content of my mail). There's an issue with a SSL packet being sent from IE10 browsers in the context of the websocket protocol (over ssl) and I have been working on the steps you mention further down in your email. My original mail was to see if I can get help regarding specific breakpoints in the code flow of the apache server/ssl module flow to check where the packet was being dropped. However, I'll take your suggestion that this probably needs to go to the openssl mailing list. Thank you. Regards, Umapathy On Fri, Oct 17, 2014 at 9:31 PM, Joe Lewis jle...@silverhawk.net wrote: Your first message was delivered less than 24 hours ago - most of us are not paid by the Apache modules developers list, meaning we are stricly volunteer, and 24 hours might not be enough time. I would suggest patience, especially while asking questions on the fringes of this lists expertise. Most people here are module developers, not SSL debuggers or TCP experts. I actually thought your original e-mail should have gone to an openssl mailing list instead of an Apache modules list. I won't support tracking down something like network errors without access and a consultation fee - it's an ugly rabbit hole that not many actually want to go down, especially me. I will simply suggest using Wireshark at multiple points (e.g. on the same LAN as the client, and on the same LAN as the server) just to ensure that a firewall, netscaler, or any other device between the client and the server isn't your problem. You claim an error code of 101 (network reset). Are you seeing TCP resets in your packet capture (remember, I'm not going to support or help beyond this - the question is to get you to think about what you are actually seeing in your packet capture). Did you decrypt your SSL-encrypted packet capture just to ensure you are seeing things properly? Are you sure you haven't custom-configured timeouts for Apache? ipfw/iptables/etc on the server (tcpdump of *nix will help)? Remember, it sounds like you are asking for help for things on the fringes of most people's expertise here. Be patient. Joe On Fri, Oct 17, 2014 at 9:22 AM, Pon Umapathy Kailash S pon.umapa...@gmail.com wrote: Resending since it doesn't seem to have been delivered. On Thu, Oct 16, 2014 at 11:26 AM, Pon Umapathy Kailash S pon.umapa...@gmail.com wrote: Hi, I am facing the an issue where a SSL packet from IE10 doesn't reach the client processing thread for a particular connection(more details below). Can you please provide me pointers on where to look/add more debug logs in the code to figure out what's happening? We use mpm worker threads. I have added support for websockets in a customised manner(as required for our application) inside apache. At a high level, it's done as follows: - the initial GET request with 101 code is handled by a handler hook function which computes the required security keys and sends back the response. Also, the socket on which the request came in is not closed(by maintaining a list and patching some parts of the apache code to not close if a socket is present in this list). - the child thread which processes this connection will relinquish the connection after the keep-alive timeout , which is ok since all we need is for the server to send messages to the client, with one exception. - At this point, the socket is recognised as a websocket client which is not yet authenticated(since from browsers we cannot set custom headers with the initial websocket connection request). - Authentication is done by the client sending the cookie as the 1st(and only) message on this connection to the server within the keep-alive timeout period(at which point the cookie is authenticated and the socket is marked as a valid, authenticated subscriber). (* there are other functions/timers to take care of stale, unauth connections etc) This works fine in all browsers with support for websockets with the following exceptions: IE10 over ssl(https/wss) and IE11 over ssl on 32-bit client machines. Doing a packet capture, we could figure out that the initial connection goes through fine and when the cookie is sent from the client, it reaches the server(and there's a tcp ack received at the client for this packet). However, the client processing this connection doesn't seem to receive this packet(this is well
Re: debugging ssl packet drop
Your first message was delivered less than 24 hours ago - most of us are not paid by the Apache modules developers list, meaning we are stricly volunteer, and 24 hours might not be enough time. I would suggest patience, especially while asking questions on the fringes of this lists expertise. Most people here are module developers, not SSL debuggers or TCP experts. I actually thought your original e-mail should have gone to an openssl mailing list instead of an Apache modules list. I won't support tracking down something like network errors without access and a consultation fee - it's an ugly rabbit hole that not many actually want to go down, especially me. I will simply suggest using Wireshark at multiple points (e.g. on the same LAN as the client, and on the same LAN as the server) just to ensure that a firewall, netscaler, or any other device between the client and the server isn't your problem. You claim an error code of 101 (network reset). Are you seeing TCP resets in your packet capture (remember, I'm not going to support or help beyond this - the question is to get you to think about what you are actually seeing in your packet capture). Did you decrypt your SSL-encrypted packet capture just to ensure you are seeing things properly? Are you sure you haven't custom-configured timeouts for Apache? ipfw/iptables/etc on the server (tcpdump of *nix will help)? Remember, it sounds like you are asking for help for things on the fringes of most people's expertise here. Be patient. Joe On Fri, Oct 17, 2014 at 9:22 AM, Pon Umapathy Kailash S pon.umapa...@gmail.com wrote: Resending since it doesn't seem to have been delivered. On Thu, Oct 16, 2014 at 11:26 AM, Pon Umapathy Kailash S pon.umapa...@gmail.com wrote: Hi, I am facing the an issue where a SSL packet from IE10 doesn't reach the client processing thread for a particular connection(more details below). Can you please provide me pointers on where to look/add more debug logs in the code to figure out what's happening? We use mpm worker threads. I have added support for websockets in a customised manner(as required for our application) inside apache. At a high level, it's done as follows: - the initial GET request with 101 code is handled by a handler hook function which computes the required security keys and sends back the response. Also, the socket on which the request came in is not closed(by maintaining a list and patching some parts of the apache code to not close if a socket is present in this list). - the child thread which processes this connection will relinquish the connection after the keep-alive timeout , which is ok since all we need is for the server to send messages to the client, with one exception. - At this point, the socket is recognised as a websocket client which is not yet authenticated(since from browsers we cannot set custom headers with the initial websocket connection request). - Authentication is done by the client sending the cookie as the 1st(and only) message on this connection to the server within the keep-alive timeout period(at which point the cookie is authenticated and the socket is marked as a valid, authenticated subscriber). (* there are other functions/timers to take care of stale, unauth connections etc) This works fine in all browsers with support for websockets with the following exceptions: IE10 over ssl(https/wss) and IE11 over ssl on 32-bit client machines. Doing a packet capture, we could figure out that the initial connection goes through fine and when the cookie is sent from the client, it reaches the server(and there's a tcp ack received at the client for this packet). However, the client processing this connection doesn't seem to receive this packet(this is well within the keep alive interval and the client thread is still actively processing that connection). Can you please let me know at which points in the code flow it might be useful to add debugging info to see where this is getting dropped? Regards, Umapathy
Re: handler pass to php
I'd consider having your handler fire off a subrequest. The book should cover this topic, but you can also look in the source for some examples (or google ap_run_sub_req and review the results). You just want the php handler set for it. Joe On Tue, Oct 14, 2014 at 3:41 PM, Jeremy Thompson jer...@warehousesports.com wrote: Hello all, We have written a handler for apache that talks to our point of sales software. At this point the POS software renders a lot of the html itself and sends it back through apache. We would however, like to be able to integrate PHP to offload some of this work. The problem right now is that once the handler catches the request it renders and sends its through never reaching PHP. This is the same whether or not PHP is built as a fcgi or apache2handler. I'm pretty sure the problem is that our handler is not passing any info forward. Its taking the request sending it to our software and returning the rendered page. Would the apache modules book cover this or are there any examples of playing nice with the other plugins? Thanks. ~Jeremy
Re: Tear down of module on server stop
On 06/07/2013 08:19 AM, Sean Beck wrote: I'm looking through and example I found herehttp://ctemplate.sourceforge.net/example/mod_example/mod_tplexample.c.htmland it says this about the method used by post_config(): This routine is called to perform any module-specific fixing of header fields, et cetera. It is invoked just before any content-handler. That makes it seem like this is called every time a connection is made. That isn't what I want. I want to do set up only once for as long as the server is running. Would pre_config() be more suitable for that? Thanks Sounds like it's the wrong description. From http_config.h : /** * Run the post_config function for each module * @param pconf The config pool * @param plog The logging streams pool * @param ptemp The temporary pool * @param s The list of server_recs * @return OK or DECLINED on success anything else is a error */ AP_DECLARE_HOOK(int,post_config,(apr_pool_t *pconf,apr_pool_t *plog, apr_pool_t *ptemp,server_rec *s)) The post_config hook should happen when the child loads, and won't be associated with a specific request. It happens after the config is loaded when HTTPD starts, potentially twice because of the way HTTPD loads. Once done and HTTPD starts serving requests, it shouldn't be called again in that processes lifetime. Joe -- http://www.silverhawk.net/
Re: Tear down of module on server stop
On 06/07/2013 08:59 AM, Sean Beck wrote: You guys are awesome. So it should only run once then? Also for tear down of the stuff is there a different hook that I could load? It still runs twice. Tear down should be registering a pool clean up function, and using that.
Re: Tear down of module on server stop
On 06/07/2013 09:23 AM, Sean Beck wrote: Should I give it ptemp as the pool? Or should I create a new one in post_config()? When you set up your ActiveMQ connections, you will be using a pool to allocate the memory used. Use that pool. Otherwise, your cleanup and your config for the connection management will happen at different times. Joe
Re: Tear down of module on server stop
On 06/07/2013 09:29 AM, Sean Beck wrote: Currently when I create the connections I don't use a pool for anything. I'm using the fusemq-c library. I did notice that libstomp uses a pool though. If the memory allocation isn't done through the apr_* routines, I'm not sure what pool to use. The one provided in the post_config should be the closest to what you need because it will be called when HTTPD does shut down gracefully. Joe
Re: Tear down of module on server stop
On 06/07/2013 09:52 AM, Sean Beck wrote: All I really need a pool for is so I have something to pass as a parameter. I see here https://apr.apache.org/docs/apr/1.3/group___pool_cleanup.htmlthat apr_pool_cleanup_register actually takes two functions as parameters. The one I would want is plain_cleanup, right? If I understand pools correctly, pools are destroyed/cleaned up when the server shuts down. Not all pools are created equally. A temporary pool may be cleaned up earlier. A request pool may be cleaned up when the request is complete. Check your cart-before-the-horse logic. If you create a temporary pool, expect it to be cleaned up when you destroy it. The pool associated with the post_config hook will be cleaned up on shutdown. I'll repeat myself again : use the one provided by the post_config hook. Joe
Re: Tear down of module on server stop
On 06/06/2013 03:14 PM, Sean Beck wrote: Where does the tear down happen when httpd is stopped? I have some code for sending messages to ActiveMQ in my module and I would like to only make a connection on startup rather than every time someone connects, but then I need to destroy the connection when the server stops. Also, register_hooks is called when the server starts, correct? I am thinking I would put the code for connecting to ActiveMQ in there. Thanks! Register a pool clean up function with the pool for the server record. That should be called when the pool is removed. Joe
Re: Issue in using php5_module module.
On 05/28/2013 08:38 AM, Sindhi Sindhi wrote: [SNIP] With these changes, when I start httpd.exe and try to launch a simple php file shown above, from the browser, the first time I see that my filter module gets the correct php data from php file in the buckets. But when I try to open the same php file second time, I see that there are some extra strings appended to the original php file contents and sent to my filter module in the buckets. So in my filter when I read php data from the bucket I get the php data and some additional strings appended to the php data like below - !doctype htmlhtmlhead/headbodyHello from PHP/body /html6.26%20(KHTML,%20like%20Gecko)%20Version/6.0%20Mobile/10A5355d %20Safari/8536.25 HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:22.0) Gecko/20100101 Firefox/22.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Any help is highly appreciated. Thanks. Are you sure it's a problem with the php5_module and not your filter? I only ask because the php5_module has been installed in numerous locations throughout the world, with custom modules (including an output filter of mine that wraps the page into a template), without issue. I had run into a similar problem eons ago (I believe about 10 years or so). In fact, I have one question that (if you answer honestly) will probably tell you where your problem is. Are you NULL-terminating all of your strings when you set them up at the beginning of the transaction? If you say yes, please send copies of code. If you say no, please fix and try again. When I ran into that problem so long ago, I was mistakenly working under the assumption that the strings being passed around were NULL-terminated, which is not always the case. Joe -- http://www.silverhawk.net/
Re: Apache C++ equivalent of javax.servlet.Filter
On 05/03/2013 01:53 AM, Sindhi Sindhi wrote: I'm so sorry, I searched, and found that request_rec has the below members - char *args; char *unparsed_uri; apr_uri_t parsed_uri; Which of the below members will have the exact URI that is passed from the browser? unparsed_uri will have what you are looking for. parsed_uri will be a post-processing, so it may or may not be the same. Joe
Re: Looking for suggestions: email clients
On Apr 14, 2013, at 5:36 PM, Tom Roth tom...@yahoo.com wrote: My web app needs to service email clients as well as browsers. Since the only messages I expect to process are small (SMS) and machine generated I'm looking for solutions short of installing a smtpd server and connecting it via scripts to the Apache server. At first glance I thought I could scavenge the protocol handler from mod_smtpd but it's apparently not well maintained and the source isn't where it was purported to be. Is there an smtp protocol module you would recommend? Any cleaner solutions than the brute-force approach outlined above? Hey, thanks in advance! ;-) - Tom Tom; I'm unaware of any up-to-date SMTP modules for Apache. That's not saying it cannot be done, but I think most people using SMTP will set up a separate SMTP server (e.g. Postfix or Exim). You'd get more mileage out of a separate software service than you would reinventing the wheel. I do not know of any open-source SMS service handler that doesn't require an SMS service gateway or cellular service of some sort, so you may not find what you are looking for in that regard. Hope you find what you are looking for! Joe smime.p7s Description: S/MIME cryptographic signature
Re: state management in handlers
Probably not, because you will have to cater to the MPM - e.g. use shared memory if a subsequent request comes into a different process. I'd suggest using shared memory (there are apr routines to do that), and that should guarantee that state will be shared between different threads or processes. Joe On Wed, Mar 6, 2013 at 5:59 PM, Nce Rt nce...@yahoo.com wrote: Is there a sample code to store and retrieve the state in a custom handler's local session?
Re: Private mod and mod_jk
On 11/08/2012 05:11 AM, easyboy wrote: I am new to the apache mods. I just writing up a new mod with content handler to set cookies in request http header. I was able to load this mod. I need this mod process the request header before mod_jk. I'd suggest mod_proxy_ajp instead of mod_jk - the proxy API is much easier to get a request into and alter content, and it is the future of Apache-Jakarta connections. Joe
Re: best way to return the content of a file
Yes. Every virtual host should be able to have a separate configuration, hence different configs. The server_rec structure points to the virtual host. There are ways to get the global settings from the global server_rec, do some searches.on the list archives and you will find that if its what you needed. Joe -- Http://www.silverhawk.net/ On Aug 19, 2012 3:49 AM, nik600 nik...@gmail.com wrote: On Sat, Aug 18, 2012 at 7:18 PM, nik600 nik...@gmail.com wrote: On Sat, Aug 18, 2012 at 6:32 PM, Eric Covener cove...@gmail.com wrote: i'm enabling my module with a Location directive: Location /data SetHandler kcache /Location and i want to control the execution of the module with an initial check: if (!r-handler || strcmp(r-handler, kcache)) return (DECLINED); but r-handler is null if the hook is called in ap_hook_translate_name state, so how can i check this condition? You can't check that condition early. You should implement a directive to enable your module in these early phases. i've done that, and i've set the configuration per-directory, but it seems that is have every time the same value, even if called from different locations: static const command_reckcache_directives[] = { AP_INIT_TAKE1(KcacheEnabled, kcache_set_enabled, NULL, ACCESS_CONF, KcacheEnabled must have Off or On value), AP_INIT_TAKE1(KcachePath, kcache_set_path, NULL, ACCESS_CONF, KcachePath must contain the path), { NULL } }; static void register_hooks(apr_pool_t* pool) { /* * imposto i valori di default */ config.enabled=FALSE; config.path=/var/www; static const char *succ[] = {mod_proxy.c,mod_alias.c, NULL}; ap_hook_translate_name(kcache_handler, NULL, succ, APR_HOOK_MIDDLE); } module AP_MODULE_DECLARE_DATA kcache_module = { STANDARD20_MODULE_STUFF, NULL, NULL, NULL, NULL, kcache_directives, register_hooks }; then i have: in the global config Directory / KcacheEnabled Off /Directory and in a specific vhost: Directory /var/www/kcache/trunk/data KcacheEnabled On KcachePath /var/www/data /Directory finally i've added in my handler: static int kcache_handler(request_rec* r) { apr_status_t s; ap_log_rerror(APLOG_MARK, APLOG_DEBUG,s,r,KcacheEnabled = %i,config.enabled); ap_log_rerror(APLOG_MARK, APLOG_DEBUG,s,r,KcachePath = %s,config.path); if(!config.enabled){ ap_log_rerror(APLOG_MARK, APLOG_NOTICE,s,r,KcacheEnabled = Off, exiting from kcache); return DECLINED; } ... ... but looking at logs it seems that KcacheEnabled is always On. Is my approach correct? Thanks -- /*/ nik600 http://www.kumbe.it Ok, i was missing the create_dir_conf and merge_dir_conf handlers. One more thing (i hope the last :-) ) when the documentation talk about server configuration handler/merge it is intended by vhost? Thanks -- /*/ nik600 http://www.kumbe.it
Re: Best practices or recommendations for logging from a module?
Jim, you could use the log_error funtion all the time. Log_perror javits logging associated with a pool, and log_rerror is for requests. If possible, use log_rerror, because it puts the up address, etc into the logs. Joe On Jul 1, 2012 10:56 AM, oh...@cox.net wrote: oh...@cox.net wrote: Hi, I'm working on my 1st module, and everything seems to be working so far. At this point, since it's a first module, and I've been doing lots of debugging, mostly running Apache in single process mode (-k start -X), I've only been using printf to output various things. I am somewhat loath to remove some of the printf output, esp. since my module is still pretty raw (though working), but I'm starting to look into how I can switch from using printf to whatever is normally used for logging output from Apache modules. Given that I don't want to completely remove the ability to output the debug output, is there a best practice for logging from an Apache module? Is it just to use the apr logging calls, and set the level to debug? Thanks, Jim Hi, Also, I guess that, other than the functions take different parameters, I don't quite get why there are 4(?) different log functions (apr_log_error(), apr_log_rerror(), etc.). Can I just use one of them all the time, e.g., apr_log_error()? Jim
Re: Best practices or recommendations for logging from a module?
On 07/01/2012 12:55 PM, oh...@cox.net wrote: oh...@cox.net wrote: oh...@cox.net wrote: Joe Lewisjle...@silverhawk.net wrote: Jim, you could use the log_error funtion all the time. Log_perror javits logging associated with a pool, and log_rerror is for requests. If possible, use log_rerror, because it puts the up address, etc into the logs. Joe On Jul 1, 2012 10:56 AM,oh...@cox.net wrote: Joe, Thanks! Jim Hi, Oh, oh :(. I'm using: ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, NULL,my message); all over the place, and even though I have only one LogLevel in the httpd;conf, at the top level, set to debug, I don't see those messages. The only ones I see are the ones that use APLOG_NOTICE. Why is this? I thought that with LogLevel set to debug, that I should see all level msgs output using ap_log_error? Thanks, Jim Hi, I think that I've found out why I'm not seeing those log messages. Apparently, if the server parameter is NULL, only APLOG_NOTICE message appear except for during startup. So, I have use a server for that parameter, e.g. r-server, BUT, in some cases, e.g., in a function like the response callback for libcurl, where the signature is pre-defined, and where there is no request_rec or server_rec among the parameters, how can I get ap_log_error to output anything (other than APLOG_NOTICE) messages? Thanks, Jim Again, if you have access to a request_rec structure, I'd use ap_log_rerror. Otherwise, use ap_log_perror. Those have a better consistency with logging, e.g. : ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, requestrec, uri = %s,r-uri); ap_log_perror(APLOG_MARK, APLOG_DEBUG, 0, pool, creating config); Joe
Re: Best practices or recommendations for logging from a module?
On 07/01/2012 01:53 PM, oh...@cox.net wrote: Joe Lewisj...@joe-lewis.com wrote: On 07/01/2012 12:55 PM, oh...@cox.net wrote: oh...@cox.net wrote: oh...@cox.net wrote: Joe Lewisjle...@silverhawk.net wrote: Jim, you could use the log_error funtion all the time. Log_perror javits logging associated with a pool, and log_rerror is for requests. If possible, use log_rerror, because it puts the up address, etc into the logs. Joe On Jul 1, 2012 10:56 AM,oh...@cox.net wrote: Joe, Thanks! Jim Hi, Oh, oh :(. I'm using: ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, NULL,my message); all over the place, and even though I have only one LogLevel in the httpd;conf, at the top level, set to debug, I don't see those messages. The only ones I see are the ones that use APLOG_NOTICE. Why is this? I thought that with LogLevel set to debug, that I should see all level msgs output using ap_log_error? Thanks, Jim Hi, I think that I've found out why I'm not seeing those log messages. Apparently, if the server parameter is NULL, only APLOG_NOTICE message appear except for during startup. So, I have use a server for that parameter, e.g. r-server, BUT, in some cases, e.g., in a function like the response callback for libcurl, where the signature is pre-defined, and where there is no request_rec or server_rec among the parameters, how can I get ap_log_error to output anything (other than APLOG_NOTICE) messages? Thanks, Jim Again, if you have access to a request_rec structure, I'd use ap_log_rerror. Otherwise, use ap_log_perror. Those have a better consistency with logging, e.g. : ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, requestrec, uri = %s,r-uri); ap_log_perror(APLOG_MARK, APLOG_DEBUG, 0, pool, creating config); Joe Hi, I think that I'm not explaining the problem that I have very clearly :(... Per earlier thread, I'm using libcurl to make an HTTP GET request from my module. In order that my module can access the response to that GET request, I had to use a write callback function tha allows curl to t make the response available to my code. That does explain things. Using libcurl in a situation like that before, I ended up using the callback function data as a structure, and you could (in theory) slap the same request_rec pointers into that structure so that you also had them in the call back. Aside from that, you are correct, if you don't have access to the request_rec/pool_t structures, ap_log_error works the best, but r-server won't work, either. Are you using virtual hosts? If so, did you check all of the logs? using r-server might behave differently and end up logging messages into a different log file if you have virtual hosts. Joe
Re: Best practices or recommendations for logging from a module?
On 07/01/2012 05:28 PM, oh...@cox.net wrote: Joe Lewisj...@joe-lewis.com wrote: On 07/01/2012 01:53 PM, oh...@cox.net wrote: Joe Lewisj...@joe-lewis.com wrote: On 07/01/2012 12:55 PM, oh...@cox.net wrote: oh...@cox.net wrote: oh...@cox.net wrote: Joe Lewisjle...@silverhawk.netwrote: Jim, you could use the log_error funtion all the time. Log_perror javits logging associated with a pool, and log_rerror is for requests. If possible, use log_rerror, because it puts the up address, etc into the logs. Joe On Jul 1, 2012 10:56 AM,oh...@cox.netwrote: Joe, Thanks! Jim Hi, Oh, oh :(. I'm using: ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, NULL,my message); all over the place, and even though I have only one LogLevel in the httpd;conf, at the top level, set to debug, I don't see those messages. The only ones I see are the ones that use APLOG_NOTICE. Why is this? I thought that with LogLevel set to debug, that I should see all level msgs output using ap_log_error? Thanks, Jim Hi, I think that I've found out why I'm not seeing those log messages. Apparently, if the server parameter is NULL, only APLOG_NOTICE message appear except for during startup. So, I have use a server for that parameter, e.g. r-server, BUT, in some cases, e.g., in a function like the response callback for libcurl, where the signature is pre-defined, and where there is no request_rec or server_rec among the parameters, how can I get ap_log_error to output anything (other than APLOG_NOTICE) messages? Thanks, Jim Again, if you have access to a request_rec structure, I'd use ap_log_rerror. Otherwise, use ap_log_perror. Those have a better consistency with logging, e.g. : ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, requestrec, uri = %s,r-uri); ap_log_perror(APLOG_MARK, APLOG_DEBUG, 0, pool, creating config); Joe Hi, I think that I'm not explaining the problem that I have very clearly :(... Per earlier thread, I'm using libcurl to make an HTTP GET request from my module. In order that my module can access the response to that GET request, I had to use a write callback function tha allows curl to t make the response available to my code. That does explain things. Using libcurl in a situation like that before, I ended up using the callback function data as a structure, and you could (in theory) slap the same request_rec pointers into that structure so that you also had them in the call back. Aside from that, you are correct, if you don't have access to the request_rec/pool_t structures, ap_log_error works the best, but r-server won't work, either. Are you using virtual hosts? If so, did you check all of the logs? using r-server might behave differently and end up logging messages into a different log file if you have virtual hosts. Joe Hi, I was thinking about something similar to what you suggested, but I think that, for now, I'll just use APLOG_NOTICE for the ap_log_error() calls inside the callback. These would mainly be for debugging anyway. Thanks, Jim Just a suggestion, then. I'd suggest leaving those calls in, and surround them with #ifdef directives. Then, rather than removing them when you finish the product, you simply remove a #define listed at the top and those calls don't get compiled in. Makes it easier to also compile a debug-specific version, too. Joe -- http://www.silverhawk.net/
Re: UNSOLVED was Re: SOLVED was Re: How to compiling/link/use Apache module that uses shared library?
On 6/22/12 6:16 AM, oh...@cox.net wrote: oh...@cox.net wrote: Rainer Jungrainer.j...@kippdata.de wrote: On 22.06.2012 06:10, Joe Lewis wrote: On 6/21/12 10:02 PM, oh...@cox.net wrote: Joe Lewisj...@joe-lewis.com wrote: On 6/21/12 9:39 PM, oh...@cox.net wrote: oh...@cox.net wrote: oh...@cox.net wrote: Joe Lewisj...@joe-lewis.comwrote: On 6/21/12 7:32 PM, oh...@cox.net wrote: oh...@cox.net wrote: Joe Lewisj...@joe-lewis.com wrote: On 6/21/12 6:46 PM, oh...@cox.net wrote: Joe Lewisj...@joe-lewis.com wrote: On 6/21/12 5:49 PM, oh...@cox.net wrote: oh...@cox.net wrote: Sorin Manolachesor...@gmail.com wrote: And I forgot to say: run gdb in some sort of environment where you see your current source code line and a couple of surrounding lines. You could achieve this with the list command, but I prefer running gdb in emacs and let emacs do the nice listing of source code in a different panel. S Here's the function from my source. It's the original from mod_headers.c, plus my printf: static int header_post_config(apr_pool_t *pconf, apr_pool_t *plog, apr_pool_t *ptemp, server_rec *s) { printf(In header_post_config\n); header_ssl_lookup = APR_RETRIEVE_OPTIONAL_FN(ssl_var_lookup); return OK; } Jim Hi, I was able to get the segfault to go away. Here's what I had to do: - Created /etc/ld.so.conf.d/my.conf, and added the directory where my libobaccess.so was - Run 'ldconfig' to activate. - In the apxs command, DON'T include the -L and -l arguments After that, Apache appears to start ok, without segfault :)!! Thanks for all of the great help, esp. the suggestion about checking ldconfig -p. I still don't understand why, but I'm just glad that I can get past this piece so now I can debug my module :)... Later, Jim I'm just glad this list is as good as it is! FYI, the ldconfig is the dynamic linker control, and those /etc/ld.so.conf.d files provide additional search directories for the linker to check in when loading a library. Joe -- http://www.silverhawk.net/ Hi, Sorry to report, but my earlier report was a false positive :)... I forgot that the mod_headers.c that I was doing the earlier testing with had all references to the libobaccess.so removed :(!! So, I'm still stuck with basically the same problem, now, working with my full code, with the calls in it: - If I compile with -L and -l, Apache segfaults when it starts - If I compile without -L and -l, then I get undefined symbol errors when I try to start Apache, e.g.: [root@apachemodule build-mod_headers]# /apps/httpd/bin/apachectl -k start -X httpd: Syntax error on line 84 of /apps/httpd/conf/httpd.conf: Cannot load /apps/httpd/modules/mod_headers.so into server: /apps/httpd/modules/mod_headers.so: undefined symbol: ObResource_isProtected That ObResource_isProtected should be a symbol in libobaccess.so, and in fact, if I do nm --dynamic, I get: [root@apachemodule build-mod_headers]# nm --dynamic /apps/netpoint/lib64/libobaccess.so | grep ObResource_isProtected 000a6d80 T ObResource_isProtected [root@apachemodule build-mod_headers]# I'm *assuming* that the reason for the undefined symbol error is that libobaccess.so is actually not being loaded, but then when I try to load libobaccess.so, either via -L and -l in the apxs, or using LoadFile in httpd.conf, I get the segfault (same gdb info, BTW). Catch-22? Sorry for the false alarm :(!! Jim Not a catch-22. The -L and -l specify linker options when assembling the code. The ldconfig is a run-time thing. If you are getting the stderr messages, you are making it all the way into your library. I'd suggest commenting out the following line and see if you get farther : header_ssl_lookup = APR_RETRIEVE_OPTIONAL_FN(ssl_var_lookup); That should tell you if the problem is the ssl_var_lookup. Joe -- http://www.silverhawk.net/ Hi, Thanks for the suggestion. I just tried what you suggested, and got a segfault when I started Apache with the modified module. Jim Hi, As a reminder, here's the gdb with the library loaded: (gdb) b header_post_config Function header_post_config not defined. Make breakpoint pending on future shared library load? (y or [n]) y Breakpoint 1 (header_post_config) pending. (gdb) run -d /apps/httpd/ -f /apps/httpd/conf/httpd.conf Starting program: /apps/httpd/bin/httpd -d /apps/httpd/ -f /apps/httpd/conf/httpd.conf [Thread debugging using libthread_db enabled] [New Thread 182897610272 (LWP 11317)] Breakpoint 2 at 0x2a9751ea90: file mod_headers.c, line 1121. Pending breakpoint header_post_config resolved mod_headers-jl V0.09 - start calling OAM API In register_hooks In create_headers_dir_config In create_headers_dir_config In header_cmd In header_inout_cmd In parse_format_tag In parse_misc_string In create_headers_dir_config In header_cmd In header_inout_cmd
Re: Followup to earlier thread about How to compiling/link/use Apache module that uses shared library?
On 6/22/12 9:35 AM, oh...@cox.net wrote: oh...@cox.net wrote: Hi, Now that I've gotten by earlier problems with the module I'm working on (see thread Re: UNSOLVED was Re: SOLVED was Re: How to compiling/link/use Apache module that uses shared library?), I am trying to get my module to work with the stuff in that libobaccess.so. This .so is part of Oracle's Access Server SDK (ASDK). The problem I'm running into now is that there's an initialization call in the library that I need to make, ObConfig_initialize() that is suppose to initialize the SDK environment, but when I call that (it takes either NULL or a const * char as parameter), it's blowing up (Apache aborts). I *think* that the problem is that the libobaccess.so is actually C++, with a bunch of wrapper-type C functions to wrap the C++ functions, i.e., so my module (which is C) calls a function, and inside obaccess.so the function calls a C++ function)., and it's probably blowing up because the Oracle code doesn't know anything about Pool memory, but rather uses C++ new, etc. Here's a gdb backtrace showing this: In callAccessGate()... In callAccessGate(): About to set handler... In callAccessGate(): returned from set handler In callAccessGate(): About to call ObConfig_initialize()... Program received signal SIGABRT, Aborted. [Switching to Thread 182897612000 (LWP 15573)] 0x00351432e26d in raise () from /lib64/tls/libc.so.6 (gdb) bt full #0 0x00351432e26d in raise () from /lib64/tls/libc.so.6 No symbol table info available. #1 0x00351432fa6e in abort () from /lib64/tls/libc.so.6 No symbol table info available. #2 0x00351a7b1148 in __gnu_cxx::__verbose_terminate_handler () from /lib64/libstdc++.so.6 No symbol table info available. #3 0x00351a7af176 in __cxa_call_unexpected () from /lib64/libstdc++.so.6 No symbol table info available. #4 0x00351a7af1a3 in std::terminate () from /lib64/libstdc++.so.6 No symbol table info available. #5 0x00351a7af2a3 in __cxa_throw () from /lib64/libstdc++.so.6 No symbol table info available. #6 0x002a97898a05 in ObThreadInitNLS () from /apps/netpoint/lib64/libobaccess.so No symbol table info available. #7 0x002a97898f75 in SetGlobalInTLS () from /apps/netpoint/lib64/libobaccess.so No symbol table info available. #8 0x002a9789913f in GetGlobalFromTLS () from /apps/netpoint/lib64/libobaccess.so No symbol table info available. #9 0x002a97899edc in NLS::NLS () from /apps/netpoint/lib64/libobaccess.so No symbol table info available. #10 0x002a9773f1b1 in ObConfig::initialize () from /apps/netpoint/lib64/libobaccess.so No symbol table info available. #11 0x002a976ee55d in ObConfig_initialize () from /apps/netpoint/lib64/libobaccess.so ---Typereturn to continue, or qreturn to quit--- No symbol table info available. #12 0x002a97b94266 in callAccessGate ( PEM=0x706850 MIICrTCCAhagAwIBAgICECUwDQYJKoZIhvcNAQEEBQAwgZMxCzAJBgNVBAYTAlVT\nMQswCQYDVQQIEwJWQTEPMA0GA1UEBxMGT0FLVE9OMRMwEQYDVQQKEwpKTFNpbXBs\nZUNBMRIwEAYDVQQLEwlKTERlbW8gQ0ExGzAZBgNVBAMTEkpMU2ltcGxlQ0EgRGVt\nbyBDQ..., url=0x2a97b956b0 //apache1/certprotected/index.html) at mod_headers.c:847 res = Variable res is not available. (gdb) So, my code calls ObConfig_initialize() then it appears that that calls ObConfig_initialize() which is presumably a C++ function. In general, is there any way to handle this problem/situation if it's memory allocation (inside libobaccess.so) related? Thanks, Jim Sorry. I meant to say: So, my code calls ObConfig_initialize() then it appears that that calls ObConfig::initialize() which is presumably a C++ function. Jim I believe you are correct - the previous stack traces (exception handling) is a C++ thing. The real problem you have is that it's using malloc() and free(), and I don't think you can manipulate that. You may have to contact Oracle to see if there are functions to override their use of malloc and free. If there's not a way to override, you have one option - on post_config, spin off a separate process that you communicate with via socket/IPC. Joe -- http://www.silverhawk.net/
Re: Deleting only bucket in brigade
On 6/22/12 9:52 AM, Jodi Bosa wrote: What do you do in an input filter when you need to remove the only bucket in the bucket brigade? The following results in the filter not being called with any of the subsequent bucket brigades: apr_bucket_delete(b); The following hangs: b-length = 0; In other words, my input filter gets called multiple times (once for each line (AP_MODE_READLINE)) with a new bucket brigade each time. For one of these I want to delete the bucket but it is the only bucket in the brigade. Can you simply create a new bucket (apr_bucket_alloc_create), insert it before the bucket you wish to delete, then delete the old bucket? Joe -- http://www.silverhawk.net/
Re: Deleting only bucket in brigade
On 06/22/2012 12:17 PM, Jodi Bosa wrote: excellent - that worked! ... tmpBucket = APR_BUCKET_NEXT(b); newBucket = apr_bucket_immortal_create(, (apr_size_t )0, bucketAlloc); APR_BUCKET_INSERT_BEFORE(tmpBucket, newBucket); apr_bucket_delete(b); ... But I'm surprised I haven't seen this in other modules - am I that unique in deleting an entire bucket?? You're not the only one who removes buckets. I delete buckets in one of my output filters. If you need the filters to still be called with an empty brigade, the create/insert/delete technique should guarante it's not an empty brigade, even though there is no data. My thoughts are that if a brigade is empty, why pass it on? You can't really parse much data when there is none to be parsed. Hence, I think they get dropped if the brigade is empty by default, but am not 100% sure on that. Joe -- http://www.silverhawk.net/
Re: SOLVED was Re: How to compiling/link/use Apache module that uses shared library?
On 6/21/12 5:49 PM, oh...@cox.net wrote: oh...@cox.net wrote: Sorin Manolachesor...@gmail.com wrote: And I forgot to say: run gdb in some sort of environment where you see your current source code line and a couple of surrounding lines. You could achieve this with the list command, but I prefer running gdb in emacs and let emacs do the nice listing of source code in a different panel. S Here's the function from my source. It's the original from mod_headers.c, plus my printf: static int header_post_config(apr_pool_t *pconf, apr_pool_t *plog, apr_pool_t *ptemp, server_rec *s) { printf(In header_post_config\n); header_ssl_lookup = APR_RETRIEVE_OPTIONAL_FN(ssl_var_lookup); return OK; } Jim Hi, I was able to get the segfault to go away. Here's what I had to do: - Created /etc/ld.so.conf.d/my.conf, and added the directory where my libobaccess.so was - Run 'ldconfig' to activate. - In the apxs command, DON'T include the -L and -l arguments After that, Apache appears to start ok, without segfault :)!! Thanks for all of the great help, esp. the suggestion about checking ldconfig -p. I still don't understand why, but I'm just glad that I can get past this piece so now I can debug my module :)... Later, Jim I'm just glad this list is as good as it is! FYI, the ldconfig is the dynamic linker control, and those /etc/ld.so.conf.d files provide additional search directories for the linker to check in when loading a library. Joe -- http://www.silverhawk.net/
Re: UNSOLVED was Re: SOLVED was Re: How to compiling/link/use Apache module that uses shared library?
On 6/21/12 7:32 PM, oh...@cox.net wrote: oh...@cox.net wrote: Joe Lewisj...@joe-lewis.com wrote: On 6/21/12 6:46 PM, oh...@cox.net wrote: Joe Lewisj...@joe-lewis.com wrote: On 6/21/12 5:49 PM, oh...@cox.net wrote: oh...@cox.net wrote: Sorin Manolachesor...@gmail.comwrote: And I forgot to say: run gdb in some sort of environment where you see your current source code line and a couple of surrounding lines. You could achieve this with the list command, but I prefer running gdb in emacs and let emacs do the nice listing of source code in a different panel. S Here's the function from my source. It's the original from mod_headers.c, plus my printf: static int header_post_config(apr_pool_t *pconf, apr_pool_t *plog, apr_pool_t *ptemp, server_rec *s) { printf(In header_post_config\n); header_ssl_lookup = APR_RETRIEVE_OPTIONAL_FN(ssl_var_lookup); return OK; } Jim Hi, I was able to get the segfault to go away. Here's what I had to do: - Created /etc/ld.so.conf.d/my.conf, and added the directory where my libobaccess.so was - Run 'ldconfig' to activate. - In the apxs command, DON'T include the -L and -l arguments After that, Apache appears to start ok, without segfault :)!! Thanks for all of the great help, esp. the suggestion about checking ldconfig -p. I still don't understand why, but I'm just glad that I can get past this piece so now I can debug my module :)... Later, Jim I'm just glad this list is as good as it is! FYI, the ldconfig is the dynamic linker control, and those /etc/ld.so.conf.d files provide additional search directories for the linker to check in when loading a library. Joe -- http://www.silverhawk.net/ Hi, Sorry to report, but my earlier report was a false positive :)... I forgot that the mod_headers.c that I was doing the earlier testing with had all references to the libobaccess.so removed :(!! So, I'm still stuck with basically the same problem, now, working with my full code, with the calls in it: - If I compile with -L and -l, Apache segfaults when it starts - If I compile without -L and -l, then I get undefined symbol errors when I try to start Apache, e.g.: [root@apachemodule build-mod_headers]# /apps/httpd/bin/apachectl -k start -X httpd: Syntax error on line 84 of /apps/httpd/conf/httpd.conf: Cannot load /apps/httpd/modules/mod_headers.so into server: /apps/httpd/modules/mod_headers.so: undefined symbol: ObResource_isProtected That ObResource_isProtected should be a symbol in libobaccess.so, and in fact, if I do nm --dynamic, I get: [root@apachemodule build-mod_headers]# nm --dynamic /apps/netpoint/lib64/libobaccess.so | grep ObResource_isProtected 000a6d80 T ObResource_isProtected [root@apachemodule build-mod_headers]# I'm *assuming* that the reason for the undefined symbol error is that libobaccess.so is actually not being loaded, but then when I try to load libobaccess.so, either via -L and -l in the apxs, or using LoadFile in httpd.conf, I get the segfault (same gdb info, BTW). Catch-22? Sorry for the false alarm :(!! Jim Not a catch-22. The -L and -l specify linker options when assembling the code. The ldconfig is a run-time thing. If you are getting the stderr messages, you are making it all the way into your library. I'd suggest commenting out the following line and see if you get farther : header_ssl_lookup = APR_RETRIEVE_OPTIONAL_FN(ssl_var_lookup); That should tell you if the problem is the ssl_var_lookup. Joe -- http://www.silverhawk.net/ Hi, Thanks for the suggestion. I just tried what you suggested, and got a segfault when I started Apache with the modified module. Jim Hi, As a reminder, here's the gdb with the library loaded: (gdb) b header_post_config Function header_post_config not defined. Make breakpoint pending on future shared library load? (y or [n]) y Breakpoint 1 (header_post_config) pending. (gdb) run -d /apps/httpd/ -f /apps/httpd/conf/httpd.conf Starting program: /apps/httpd/bin/httpd -d /apps/httpd/ -f /apps/httpd/conf/httpd.conf [Thread debugging using libthread_db enabled] [New Thread 182897610272 (LWP 11317)] Breakpoint 2 at 0x2a9751ea90: file mod_headers.c, line 1121. Pending breakpoint header_post_config resolved mod_headers-jl V0.09 - start calling OAM API In register_hooks In create_headers_dir_config In create_headers_dir_config In header_cmd In header_inout_cmd In parse_format_tag In parse_misc_string In create_headers_dir_config In header_cmd In header_inout_cmd In parse_format_tag In parse_misc_string [Switching to Thread 182897610272 (LWP 11317)] Breakpoint 2, header_post_config (pconf=0x573138, plog=0x5a52c8, ptemp=0x5a72d8, s=0x59d3a8) at mod_headers.c:1121 1121printf(In header_post_config\n); (gdb) n 1120{ (gdb) n 1121printf(In header_post_config\n); (gdb) n In header_post_config 1122header_ssl_lookup =
Re: UNSOLVED was Re: SOLVED was Re: How to compiling/link/use Apache module that uses shared library?
On 6/21/12 9:39 PM, oh...@cox.net wrote: oh...@cox.net wrote: oh...@cox.net wrote: Joe Lewisj...@joe-lewis.com wrote: On 6/21/12 7:32 PM, oh...@cox.net wrote: oh...@cox.net wrote: Joe Lewisj...@joe-lewis.com wrote: On 6/21/12 6:46 PM, oh...@cox.net wrote: Joe Lewisj...@joe-lewis.comwrote: On 6/21/12 5:49 PM, oh...@cox.net wrote: oh...@cox.net wrote: Sorin Manolachesor...@gmail.com wrote: And I forgot to say: run gdb in some sort of environment where you see your current source code line and a couple of surrounding lines. You could achieve this with the list command, but I prefer running gdb in emacs and let emacs do the nice listing of source code in a different panel. S Here's the function from my source. It's the original from mod_headers.c, plus my printf: static int header_post_config(apr_pool_t *pconf, apr_pool_t *plog, apr_pool_t *ptemp, server_rec *s) { printf(In header_post_config\n); header_ssl_lookup = APR_RETRIEVE_OPTIONAL_FN(ssl_var_lookup); return OK; } Jim Hi, I was able to get the segfault to go away. Here's what I had to do: - Created /etc/ld.so.conf.d/my.conf, and added the directory where my libobaccess.so was - Run 'ldconfig' to activate. - In the apxs command, DON'T include the -L and -l arguments After that, Apache appears to start ok, without segfault :)!! Thanks for all of the great help, esp. the suggestion about checking ldconfig -p. I still don't understand why, but I'm just glad that I can get past this piece so now I can debug my module :)... Later, Jim I'm just glad this list is as good as it is! FYI, the ldconfig is the dynamic linker control, and those /etc/ld.so.conf.d files provide additional search directories for the linker to check in when loading a library. Joe -- http://www.silverhawk.net/ Hi, Sorry to report, but my earlier report was a false positive :)... I forgot that the mod_headers.c that I was doing the earlier testing with had all references to the libobaccess.so removed :(!! So, I'm still stuck with basically the same problem, now, working with my full code, with the calls in it: - If I compile with -L and -l, Apache segfaults when it starts - If I compile without -L and -l, then I get undefined symbol errors when I try to start Apache, e.g.: [root@apachemodule build-mod_headers]# /apps/httpd/bin/apachectl -k start -X httpd: Syntax error on line 84 of /apps/httpd/conf/httpd.conf: Cannot load /apps/httpd/modules/mod_headers.so into server: /apps/httpd/modules/mod_headers.so: undefined symbol: ObResource_isProtected That ObResource_isProtected should be a symbol in libobaccess.so, and in fact, if I do nm --dynamic, I get: [root@apachemodule build-mod_headers]# nm --dynamic /apps/netpoint/lib64/libobaccess.so | grep ObResource_isProtected 000a6d80 T ObResource_isProtected [root@apachemodule build-mod_headers]# I'm *assuming* that the reason for the undefined symbol error is that libobaccess.so is actually not being loaded, but then when I try to load libobaccess.so, either via -L and -l in the apxs, or using LoadFile in httpd.conf, I get the segfault (same gdb info, BTW). Catch-22? Sorry for the false alarm :(!! Jim Not a catch-22. The -L and -l specify linker options when assembling the code. The ldconfig is a run-time thing. If you are getting the stderr messages, you are making it all the way into your library. I'd suggest commenting out the following line and see if you get farther : header_ssl_lookup = APR_RETRIEVE_OPTIONAL_FN(ssl_var_lookup); That should tell you if the problem is the ssl_var_lookup. Joe -- http://www.silverhawk.net/ Hi, Thanks for the suggestion. I just tried what you suggested, and got a segfault when I started Apache with the modified module. Jim Hi, As a reminder, here's the gdb with the library loaded: (gdb) b header_post_config Function header_post_config not defined. Make breakpoint pending on future shared library load? (y or [n]) y Breakpoint 1 (header_post_config) pending. (gdb) run -d /apps/httpd/ -f /apps/httpd/conf/httpd.conf Starting program: /apps/httpd/bin/httpd -d /apps/httpd/ -f /apps/httpd/conf/httpd.conf [Thread debugging using libthread_db enabled] [New Thread 182897610272 (LWP 11317)] Breakpoint 2 at 0x2a9751ea90: file mod_headers.c, line 1121. Pending breakpoint header_post_config resolved mod_headers-jl V0.09 - start calling OAM API In register_hooks In create_headers_dir_config In create_headers_dir_config In header_cmd In header_inout_cmd In parse_format_tag In parse_misc_string In create_headers_dir_config In header_cmd In header_inout_cmd In parse_format_tag In parse_misc_string [Switching to Thread 182897610272 (LWP 11317)] Breakpoint 2, header_post_config (pconf=0x573138, plog=0x5a52c8, ptemp=0x5a72d8, s=0x59d3a8) at mod_headers.c:1121 1121printf(In header_post_config\n);
Re: UNSOLVED was Re: SOLVED was Re: How to compiling/link/use Apache module that uses shared library?
On 6/21/12 10:02 PM, oh...@cox.net wrote: Joe Lewisj...@joe-lewis.com wrote: On 6/21/12 9:39 PM, oh...@cox.net wrote: oh...@cox.net wrote: oh...@cox.net wrote: Joe Lewisj...@joe-lewis.com wrote: On 6/21/12 7:32 PM, oh...@cox.net wrote: oh...@cox.net wrote: Joe Lewisj...@joe-lewis.comwrote: On 6/21/12 6:46 PM, oh...@cox.net wrote: Joe Lewisj...@joe-lewis.com wrote: On 6/21/12 5:49 PM, oh...@cox.net wrote: oh...@cox.net wrote: Sorin Manolachesor...@gmail.com wrote: And I forgot to say: run gdb in some sort of environment where you see your current source code line and a couple of surrounding lines. You could achieve this with the list command, but I prefer running gdb in emacs and let emacs do the nice listing of source code in a different panel. S Here's the function from my source. It's the original from mod_headers.c, plus my printf: static int header_post_config(apr_pool_t *pconf, apr_pool_t *plog, apr_pool_t *ptemp, server_rec *s) { printf(In header_post_config\n); header_ssl_lookup = APR_RETRIEVE_OPTIONAL_FN(ssl_var_lookup); return OK; } Jim Hi, I was able to get the segfault to go away. Here's what I had to do: - Created /etc/ld.so.conf.d/my.conf, and added the directory where my libobaccess.so was - Run 'ldconfig' to activate. - In the apxs command, DON'T include the -L and -l arguments After that, Apache appears to start ok, without segfault :)!! Thanks for all of the great help, esp. the suggestion about checking ldconfig -p. I still don't understand why, but I'm just glad that I can get past this piece so now I can debug my module :)... Later, Jim I'm just glad this list is as good as it is! FYI, the ldconfig is the dynamic linker control, and those /etc/ld.so.conf.d files provide additional search directories for the linker to check in when loading a library. Joe -- http://www.silverhawk.net/ Hi, Sorry to report, but my earlier report was a false positive :)... I forgot that the mod_headers.c that I was doing the earlier testing with had all references to the libobaccess.so removed :(!! So, I'm still stuck with basically the same problem, now, working with my full code, with the calls in it: - If I compile with -L and -l, Apache segfaults when it starts - If I compile without -L and -l, then I get undefined symbol errors when I try to start Apache, e.g.: [root@apachemodule build-mod_headers]# /apps/httpd/bin/apachectl -k start -X httpd: Syntax error on line 84 of /apps/httpd/conf/httpd.conf: Cannot load /apps/httpd/modules/mod_headers.so into server: /apps/httpd/modules/mod_headers.so: undefined symbol: ObResource_isProtected That ObResource_isProtected should be a symbol in libobaccess.so, and in fact, if I do nm --dynamic, I get: [root@apachemodule build-mod_headers]# nm --dynamic /apps/netpoint/lib64/libobaccess.so | grep ObResource_isProtected 000a6d80 T ObResource_isProtected [root@apachemodule build-mod_headers]# I'm *assuming* that the reason for the undefined symbol error is that libobaccess.so is actually not being loaded, but then when I try to load libobaccess.so, either via -L and -l in the apxs, or using LoadFile in httpd.conf, I get the segfault (same gdb info, BTW). Catch-22? Sorry for the false alarm :(!! Jim Not a catch-22. The -L and -l specify linker options when assembling the code. The ldconfig is a run-time thing. If you are getting the stderr messages, you are making it all the way into your library. I'd suggest commenting out the following line and see if you get farther : header_ssl_lookup = APR_RETRIEVE_OPTIONAL_FN(ssl_var_lookup); That should tell you if the problem is the ssl_var_lookup. Joe -- http://www.silverhawk.net/ Hi, Thanks for the suggestion. I just tried what you suggested, and got a segfault when I started Apache with the modified module. Jim Hi, As a reminder, here's the gdb with the library loaded: (gdb) b header_post_config Function header_post_config not defined. Make breakpoint pending on future shared library load? (y or [n]) y Breakpoint 1 (header_post_config) pending. (gdb) run -d /apps/httpd/ -f /apps/httpd/conf/httpd.conf Starting program: /apps/httpd/bin/httpd -d /apps/httpd/ -f /apps/httpd/conf/httpd.conf [Thread debugging using libthread_db enabled] [New Thread 182897610272 (LWP 11317)] Breakpoint 2 at 0x2a9751ea90: file mod_headers.c, line 1121. Pending breakpoint header_post_config resolved mod_headers-jl V0.09 - start calling OAM API In register_hooks In create_headers_dir_config In create_headers_dir_config In header_cmd In header_inout_cmd In parse_format_tag In parse_misc_string In create_headers_dir_config In header_cmd In header_inout_cmd In parse_format_tag In parse_misc_string [Switching to Thread 182897610272 (LWP 11317)] Breakpoint 2, header_post_config (pconf=0x573138, plog=0x5a52c8,
Re: Module: Mod_Dialup (ap_mpm_register_timed_callback)
On 6/1/12 2:36 AM, Pöchtrager, Bernhard wrote: ap_die should, in theory. Is your request handler adding in an EOS bucket (end of socket) ? Is anything calling the brigade functions in your code? No my request handler doesn't add an EOS bucket and I don't call the brigade function. Today I tried to take the mod_dialup without the file (I deleted every part with the file). I mean I use all brigade functions, I append an EOS bucket and I call the original dialup_send_pulse(). I modified the dialup_callback in this way: apr_thread_mutex_lock(db-r-invoke_mtx); get_data(db-r); //I added this line of code to send the response. (This is a stupid idea, but in my mind it should work) (Or should I send the response as a bucket?) status = dialup_send_pulse(db); //the status I get is done... Even with this code I have the same problem... I am working with keepalive requests. Is it possible that this isn't working with keepalive requests? It is definitely a possibility. What happens if you replace the get_data (probably the culprit to what you are doing) with the code from mod_dialup? Does it work as expected? If so, make the get_data() function behave a little more like the mod_dialup code, doing what you want it to do. Joe My first problem with mod_dialup is that I can't read the file. Strangely enough the value of r-finfo.filetype is 0. I changed the code and send only the EOS bucket. I receive a file (with 0 bytes and I can save it), but I have the same problem. Every second request is loading the whole time. I think I didn't make any mistake. In my mind either keepalive isn't supported or mod_dialup doesn't work (it's experimental...). Bernhard Oh.. No.. The problem is definitly the keepalive. I turned keepalive off and everything works fine. Thanks for your help I'm responding with this to the list so that it can be recorded for future searches. Bernard, thank you for being willing to dig in and do some research, and I'm glad you have located a work around! Joe
Re: one question about HTTP response header Content-Length
On 3/16/12 12:54 AM, Rui Hu wrote: Sorry I didn't describe my question accurately. I want to modify Cache-Control depending on Content-Length and Content-Type, and Content-Type depending on r-uri. Therefore I must get those two fields and set that one field. Any suggestion? An output filter is probably where you want to be. There are plenty of examples from previous posts (search the archives) if you want to know how to use one. Joe -- http://www.silverhawk.net/
Re: How to read PHP session in module
If you search Google for php basic auth, you should get some results. Take a look, there should even be some tutorials. On Mar 4, 2012 7:54 PM, yokota yok...@passlogy.com wrote: Thank you for your resonses, Joe and Ray. Joe, Php hooks into that, too, and can do basic auth. Could you tell me more in detail? Ray, I didn't know about apache_note. Thank you for good information. I can control PHP application under /app1/. So I can use apache_note when a user access /app1/ . But when a user access /app2/, I can not control under /app2/ and exactly at this time, I need to know whether a user is already logged in /app1/. Best regards, Sakuko (2012/03/03 3:43), Ray Morris wrote: Do you control the PHP application? notes are a mechanism for modules to share data, and PHP can set a note which can then be read by the new Apache module. http://php.net/manual/en/**function.apache-note.phphttp://php.net/manual/en/function.apache-note.php
Re: Intercepting HTTP 301/302 redirects
On 02/29/2012 07:46 PM, Swaminathan Bhaskar wrote: Thanks for the quick response Joe. Just to make sure, here is what I did: IfModule mod_myfilter.c Location / SetOutputFilter myfilter /Location /IfModule and the code #include stdio.h #include httpd.h #include http_protocol.h #include http_config.h #include util_filter.h #define MY_FILTER_NAME myfilter static int my_output_filter(ap_filter_t *f, apr_bucket_brigade *bb) { fprintf(stderr, mod_myfilter: status = %d, status-line = %s\n, f-r-status, f-r-status_line); ap_pass_brigade(f-next, bb); return APR_SUCCESS; } static void my_filter_hooks(apr_pool_t *pool) { ap_register_output_filter(MY_FILTER_NAME, my_output_filter, NULL, AP_FTYPE_RESOURCE); fprintf(stderr, mod_myfilter: registered my_output_filter\n); } module AP_MODULE_DECLARE_DATA myfilter_module = { STANDARD20_MODULE_STUFF, NULL, NULL, NULL, NULL, NULL, my_filter_hooks }; I setup an intentional redirect for testing Redirect 301 /red.htm http://localhost/green.htm When I try http://localhost/, should I not see the output from myfilter ? Maybe. Remember, errors don't go through the same outputs as regular responses. If you want to filter the results of anything outside of the standard 2xx HTTP responses, you have to insert an error filter as well, hence my reference to ap_hook_insert_error_filter(). As an example (borrowed from some of my source and modified for yours) : static void insert_my_output_error_filter(request_rec *r) { ap_add_output_filter(MY_FILTER_NAME,NULL,r,r-connection); } static void my_filter_hooks(apr_pool_t *p) { ap_hook_insert_error_filter(insert_my_output_error_filter, NULL, NULL, APR_HOOK_LAST); ap_register_output_filter(MY_FILTER_NAME,my_output_filter,NULL,AP_FTYPE_RESOURCE); }; Again, output filters and errors do not coincide. If you want to catch both, you have to hook both. (Same thing for r-headers_out and r-err_headers_out - r-headers_out won't make it into r-err_headers_out). Joe -- http://www.silverhawk.net
Re: Intercepting HTTP 301/302 redirects
Congrats! Welcome to the world of filters! On 03/01/2012 09:37 AM, Swaminathan Bhaskar wrote: Ahh - Finally, I was able to get it working. Thanks for the pointer. Here is the code snippet: #includestdio.h #includehttpd.h #includehttp_protocol.h #includehttp_config.h #includehttp_log.h #includeutil_filter.h #define MY_FILTER_NAME myfilter static void insert_myfilter(request_rec *req) { ap_add_output_filter(MY_FILTER_NAME, NULL, req, req-connection); ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, req-server, mod_myfilter: inserted myfilter); } static int my_output_filter(ap_filter_t *f, apr_bucket_brigade *bb) { if (f-r-status_line != NULL) { ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, f-r-server, mod_myfilter: status = %d, status-line = %s, f-r-status, f-r-status_line); } else { ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, f-r-server, mod_myfilter: status = %d, f-r-status); } ap_pass_brigade(f-next, bb); return APR_SUCCESS; } static void my_filter_hooks(apr_pool_t *pool) { ap_register_output_filter(MY_FILTER_NAME, my_output_filter, NULL, AP_FTYPE_RESOURCE); ap_hook_insert_filter(insert_myfilter, NULL, NULL, APR_HOOK_LAST); ap_hook_insert_error_filter(insert_myfilter, NULL, NULL, APR_HOOK_LAST); fprintf(stderr, mod_myfilter: registered my_output_filter\n); } module AP_MODULE_DECLARE_DATA myfilter_module = { STANDARD20_MODULE_STUFF, NULL, NULL, NULL, NULL, NULL, my_filter_hooks }; Rgds Bhaskar
Re: Intercepting HTTP 301/302 redirects
On 02/29/2012 06:01 PM, Swaminathan Bhaskar wrote: Hi Is there anyway to intercept HTTP 301/302 redirects ? I tried registering a very simple output filter (AP_FTYPE_RESOURCE) and the filter function did not get a callback. I would assume all output goes through the filter chain Rgds Bhaskar Did you hook the ap_hook_insert_error_filter function? For errors, you need that one. Joe -- http://www.silverhawk.net/
Re: NoRobot module
2 - you can make it default to on, and then just have the option of turning it off per vhost. Then there are no configuration changes for you, it's on, and others that find it useful (I can definitely see where it would be) can implement it as needed. Aside from that, it's a simple module that looks fairly good. Joe On 02/15/2012 03:34 AM, Mike Baroukh wrote: Hi. 1/ thanks 2/ on/off : for my needs, I wanted to be sure, *really* sure, that is the module is enabled, the server will return this response for all vhosts. So I did not wan't to enable/disable it by vhost. Then, if it could only be on/off gloablly, adding/removing the module is the way to toggle it on/off ... On debian, it is simple : a2(en|dis)mod norobot ... 3/ right. I'm not sure if the last \n is mandatory, but I added it ... Note : I saw that the default comments, coming from the sample are wrong : you don't have to enable the handler per Location. I updated them ... Thanks a lot for your advices ! Regards, Mike Baroukh --- Cardiweb - 29 Cite d'Antin Paris IXeme +33 6 63 57 27 22 / +33 1 53 21 82 63 http://www.cardiweb.com/ --- Le 15/02/2012 11:07, Nick Kew a écrit : On 15 Feb 2012, at 08:07, Mike Baroukh wrote: Disclaimer : I'm absolutly not a C ou System developer. I'm a Java developer. And this is my first module. So maybe it could be made better ... If you're asking for criticism, here goes: 1. It looks fine as far as it goes. 2. But would be much more generalisable if it were configurable on/off. This would remove the issue of running order which you tackled with APR_HOOK_FIRST. 3. Be conservative in what you send. The last line of your robots.txt is unterminated! -- Joe Lewis www.silverhawk.net
Re: Input Filters -- not seeing anything
I think he meant on your include line : #include apr_buckets.h #include util_filter.h stat On 01/16/2012 09:37 AM, Pranesh Vadhirajan wrote: I believe it's a header that is included in the Apache build, so I would think it doesn't have that issue. Thanks, Pranesh -Original Message- From: Arturo 'Buanzo' Busleiman [mailto:bua...@buanzo.com.ar] Sent: Monday, January 16, 2012 11:18 AM To: modules-dev@httpd.apache.org Subject: Re: Input Filters -- not seeing anything Is util_filter.h lacking a closing in the #include ? On 1/16/12, Pranesh Vadhirajanvadhira...@teralogics.com wrote: Hello, I'm very new to developing Input Filters with Apache. I have written an input filter to read the request body content and print it to my error log. I have two print statements in my filtering function (one to let me know that my filter code has been called and the other to print the request content). Yet, I'm not seeing anything happening (nothing is getting printed to my log). I have tried different things but I'm not able to make anything work, so I've attached the code below hoping to get some insight on why my filter doesn't seem to work. I am building the module using apxs and I have a LoadModule directive in the httpd.conf file to load my module. I'm new to the filter API and I'm totally out of ideas at this point as to why this is not working. #include httpd.h #include http_core.h #include http_protocol.h #include http_config.h #include http_protocol.h #include http_main.h #include http_log.h #include http_request.h #include util_script.h #include http_connection.h #includestdlib.h #includetime.h #includesys/time.h #includesys/types.h #includeregex.h #includestdio.h #include uvds_metrics_sessions.h #include apr.h #include apr_lib.h #include apr_general.h #include apr_strings.h #include ap_config.h #include apr_buckets.h #include util_filter.h static apr_status_t req_body_filter_in(ap_filter_t *f, apr_bucket_brigade *b, ap_input_mode_t mode, apr_size_t *readbytes) { const char *str; int length; apr_bucket *e; fprintf(stderr,reached this point\n); ap_get_brigade(f-next, b, mode, APR_BLOCK_READ,1); e = APR_BRIGADE_FIRST(b); if (e-type == NULL) { return APR_SUCCESS; } apr_bucket_read(e,str, (apr_size_t*)length, APR_NONBLOCK_READ); fprintf(stderr,req body: %s\n,str); return APR_SUCCESS; } static void my_register_hooks (apr_pool_t *p) { ap_hook_insert_filter(req_body_filter_in, NULL , NULL , APR_HOOK_MIDDLE) ; //ap_register_input_filter(get_request_body , req_body_filter_in , NULL , AP_FTYPE_RESOURCE) ; } module AP_MODULE_DECLARE_DATA my_module = { STANDARD20_MODULE_STUFF, NULL, /* Per-Directory Configuration */ NULL, /* Directory Config Merger */ NULL, /* Per-Server Configuration */ NULL, /* Server Config Merger */ NULL, /* Command Table (Directives) */ my_register_hooks/* Registering Hooks */ };
Re: Input Filters -- not seeing anything
You can do two things. Place some ap_*log debug lines in your code and compile to find the line, or use the Gnu debugger and step through apache until you get the segmentation fault. On 01/16/2012 10:45 AM, Pranesh Vadhirajan wrote: I forgot to mention in my original email, that I'm receiving segmentation faults, but I'm not sure what part of my code is causing this. Pranesh You can do two things. Place some ap_*log debug lines in your code and compile to find the line, or use the Gnu debugger and step through apache until you get the segmentation fault. Joe -- www.silverhawk.net
Re: A few questions on Input Filters
On 01/13/2012 09:24 AM, Martin Townsend wrote: Thanks Joe for the info, my input filter is now behaving itself again. I've not seen any FLUSH buckets yet so I doubt I will as we are running the bare minimum of modules. I'll let you know if I do though. One last question, when I don't see the EOS bucket should I return a certain APR_ error code to say the POST request hasn't finished yet. I'm currently return APR_OK and this seems to work. Cheers, Martin. Leave it as OK. If you return a different APR_ error, it could cause the entire request to hang. By returning OK, you are simply stating that your function has finished what it was passed, and all is well. Joe -- www.silverhawk.net
Re: A few questions on Input Filters
On 01/11/2012 04:17 AM, Martin Townsend wrote: The problem occured when the POST request was split into two brigades which are passed independently to my filter. So my first question is this expected? You should definitely expect that. Don't assume that the entire content will always come in the same way. In this kind of development architecture (where anyone can build a module), we should expect the unexpected. I assume it is so I have to alter my filter to handle partial bucket brigades. If so, I take it I can infer a partial brigade by the fact that the EOS bucket is not present? Whilst looking through other input filters I notice they handle FLUSH buckets, for my input filter I take it I can ignore these buckets as all I'm trying to do is extract the POST data to a buffer and then process it without altering it. If the brigade doesn't have that EOS, there is more to the stream to be read. When you see the FLUSH bucket, you should really be passing the brigade on to the next chain (FLUSH buckets are created when the brigade needs to be split). I had originally thought that FLUSH buckets were output buckets to prevent the client from waiting too long. Are you seeing these on an input chain? If so, what other modules are involved? I'm curious for my own understanding of how other modules might effect some of the stuff I have written. I noticed that one module's input filter ignored sub requests, does anyone know when sub requests occur within the input filter phase and whether I can ignore these too. The input's have already been done when a sub request is created. Usually, a sub request is happening when an output filter or a content generator are being called, so I'm not sure a sub-request will see the input from the parent filter. Many Thanks, Martin. That is what the list is for. Hope you can get things straightened out! Joe Lewis -- www.silverhawk.net
Re: please provide module for apache
If you compiled your own Apache properly, you should already have them. If someone else compiled your Apache, you should contact them. Thus list is forwriting your own modules. Joe On Dec 31, 2011 5:47 PM, phijo joseph phijo...@yahoo.com wrote: sir please provide modules for svn dav_module dav_svn_module authz_svn_module thanks and regards phijo
Re: I need some idea about one unusual module with threaded communication :
On Sun, Aug 21, 2011 at 8:57 AM, milad rezai re...@ncc-gnss.com wrote: How can I communicate between different thread (one thread per client)? Problem : I need to develop a module with persistent connections, I have two kind of clients : one of them persistently sends data on connection and another must use and get from first kind of connections and place on his socket for feeding his client? Consider using shared memory - or shm. Using a search engine and apache module shared memory example gives a previous thread on this list : http://marc.info/?l=apache-modulesm=113977658131259 In it, Nick gives a pointer to look at the util_ldap source. Now how can I handle this type of module? Is Apache module development platform enough for writing this? The examples will show you that there are components to the API that can be used (for portability). Hopefully, this will help. Joe
Re: centOS apache module Vs. ubuntu apache module
On Fri, 2011-08-19 at 17:17 +0800, david jone wrote: First, very thanks for members of the modules-dev's mailist for detailed reply. Maybe I should locate the problem within more smaller within more limited range. Note also, that a module compiled in a 64 bit environment will not work in a 32 bit environment. Usually, if you want a CentOS module, compile it on CentOS. The moment you start playing with the same binaries on different distributions, you also encounter library versions (as noted by Ray). The only ways around this are not suggested (e.g. static linking, yada, yada, yada). The beautiful thing about Apache 2.2.x or 2.0.x is that modules compiled properly should not have to be re-complied for a minor version change (e.g. 2.0.63 to 2.0.64). However, that still leaves other packages that may contribute to version mismatches. Again, remember that when the ELF format is wrong, the system loading the dynamic library can't read the library (e.g. your .so is corrupt or wrong bit-ness). Joe Lewis -- http://www.silverhawk.net/
Re: Module External Configuration
On Tue, 2011-06-21 at 16:26 -0500, Jason Funk wrote: One last question about shared memory... I have my configuration now being loaded successfully into a shared memory segment.. now my problem is that someone could change the config so that the resulting structure wouldn't fit in the shared memory segment. Is it possible to in the child replace my current shared memory segment with a bigger one? I tried destroy()ing and then create()ing but that resulted in a segfault. Should it have worked? Is there a different way? Jason segfaults are good indicators of pointers pointing to the wrong things. It will work if you do it right. Is your pointer to the shared memory in shared memory? Or do the clients have their own pointer that might change if the data in shm changes location? You might have to shm the pointer to a separate shm segment, and then after reading in a new config, change the shm pointer to point to the new one and destroy the old config. Don't touch the pointer aside from changing where it points to. Joe Lewis -- http://www.silverhawk.net/
Re: adding and editing response headers in conf
On Thu, 2011-06-16 at 12:32 -0400, Shawn Ligocki wrote: On Thu, Jun 16, 2011 at 11:57 AM, Joe Lewis jle...@silverhawk.net wrote: On Thu, 2011-06-16 at 17:46 +0200, Sorin Manolache wrote: Can I get this response just by changing the configuration of apache? Header edit cookie_name(.*)domain=[^;]+(.*) cookie_name$1domain=.domain.net$2 does not help as it only moves the cookie from one domain to the other and I want it copied, not moved. That is really how it should be. A second header of the same name isn't really allowed in the specification. I believe the HTTP spec does allow multiple Set-Cookie HTTP headers: From RFC 2616, Section 4.2http://greenbytes.de/tech/webdav/rfc2616.html#rfc.section.4.2.p.5 : Multiple message-header fields with the same field-name *may* be present in a message if and only if the entire field-value for that header field is defined as a comma-separated list [i.e., #(values)]. It *must* be possible to combine the multiple header fields into one field-name: field-value pair, without changing the semantics of the message, by appending each subsequent field-value to the first, each separated by a comma. The order in which header fields with the same field-name are received is therefore significant to the interpretation of the combined field value, and thus a proxy *must not* change the order of these field values when a message is forwarded. Sorin, there is your answer. Set the header to a single value containing both cookies. Thanks, Shawn! Joe -- Director - Systems Administration http://www.silverhawk.net/
Re: adding and editing response headers in conf
On Thu, 2011-06-16 at 18:57 +0200, Sorin Manolache wrote: On Thu, Jun 16, 2011 at 18:41, Joe Lewis jle...@silverhawk.net wrote: On Thu, 2011-06-16 at 12:32 -0400, Shawn Ligocki wrote: On Thu, Jun 16, 2011 at 11:57 AM, Joe Lewis jle...@silverhawk.net wrote: On Thu, 2011-06-16 at 17:46 +0200, Sorin Manolache wrote: Can I get this response just by changing the configuration of apache? Header edit cookie_name(.*)domain=[^;]+(.*) cookie_name$1domain=.domain.net$2 does not help as it only moves the cookie from one domain to the other and I want it copied, not moved. That is really how it should be. A second header of the same name isn't really allowed in the specification. I believe the HTTP spec does allow multiple Set-Cookie HTTP headers: From RFC 2616, Section 4.2http://greenbytes.de/tech/webdav/rfc2616.html#rfc.section.4.2.p.5 : Multiple message-header fields with the same field-name *may* be present in a message if and only if the entire field-value for that header field is defined as a comma-separated list [i.e., #(values)]. It *must* be possible to combine the multiple header fields into one field-name: field-value pair, without changing the semantics of the message, by appending each subsequent field-value to the first, each separated by a comma. The order in which header fields with the same field-name are received is therefore significant to the interpretation of the combined field value, and thus a proxy *must not* change the order of these field values when a message is forwarded. Sorin, there is your answer. Set the header to a single value containing both cookies. Thanks, Shawn! Thanks, I've tried, but it does not work. First, Firefox seems to simply ignore the second cookie. I do Set-Cookie: a=1,b=2 and I see only a=1 in my cookie collection. Second, there's the problem with expires. Typically its syntax is Mon, 15-Aug-2011 10:00:00 GMT, i.e. it contains a comma. So I think that Set-Cookie does not satisfy the condition It *must* be possible to combine the multiple header fields into one field-name: field-value pair, without changing the semantics of the message Sorin That's the Netscape spec, and a lot of browsers (Firefox by nature is in this category due to it's ancestry) choose to implement that. If the comma doesn't work, you might have to resort to the javascript or the location bounce to get the second header. The problem with the native C approaches to adding a second header is that it uses the apr_table_* functions, which overwrite what is in there when a new one is set. Joe -- Director - Systems Administration http://www.silverhawk.net/
Re: adding and editing response headers in conf
On Thu, 2011-06-16 at 17:46 +0200, Sorin Manolache wrote: Hello, I have a content generator that sets a cookie on a domain. I know the cookie name and the domain name, they never change. However the cookie value and expiration time vary. I would like to add the cookie with same name and value, and optionally the same expiration time to a second domain. Is there a way to do it just by configuring apache and its standard modules? I do not want to _edit_ the Set-Cookie header. I want to _add_ a second Set-Cookie header that is identical to the first with the exception of the domain. Here's an example: The content generator gives the response Set-Cookie: cookie_name=cookie_value; domain=host.domain.net; expires=Mon, 20 Jun 2011 10:00:00 GMT I want the response Set-Cookie: cookie_name=cookie_value; domain=host.domain.net; expires=Mon, 20 Jun 2011 10:00:00 GMT Set-Cookie: cookie_name=cookie_value; domain=.domain.net; expires=Mon, 20 Jun 2011 10:00:00 GMT Can I get this response just by changing the configuration of apache? Header edit cookie_name(.*)domain=[^;]+(.*) cookie_name$1domain=.domain.net$2 does not help as it only moves the cookie from one domain to the other and I want it copied, not moved. That is really how it should be. A second header of the same name isn't really allowed in the specification. I realize that some CGI tools successfully add it in, and browsers do try to handle multiples, but it isn't supposed to happen. Two viable options : Print one header with a 302 in order to force the browser to make a second request that we can get the other cookie into. Respond with javascript that sets the cookie for the second domain. Joe -- Director - Systems Administration http://www.silverhawk.net/
Re: Kill a request nicely
On Wed, 2011-06-15 at 13:11 -0500, Jason Funk wrote: User Makes Request- Web Server processes and generates output - My module analyzes ouput determines whether it should be passed back to the user or not. Sounds like you have the right one, an output filter. However, should it really just delete the content it is checking for, rather than to try and force an error response to the browser? Or are you trying to end with a 403 forbidden? There should be output filters that can change things BEFORE the headers are sent (see AP_FTYPE_RESOURCE). PHP is one of those that behave this way. Remember though, that sending a bucket brigade on to the next filter may result in the headings being sent. If you use an output filter, loop through the buckets (don't flatten them) to ensure everything is okay, before passing to the next filter. If not, you can create a new bucket brigade and send that on. Joe Lewis -- Director - Systems Administration http://www.silverhawk.net/
Re: [mod_rewrite] Convert POST to GET
henryccsf wrote: Hi, Due to our backend implentation limitation, I need to convert POST request to GET in our proxy server running apache2.2. I read that mod_rewrite can't do it alone since POST variables are not accessible. I have looked at apache2::POST200 and doesn't understand how it can apply to solve my problem. Does anyone here have experience handling this kind of situation? Thanks in advance! I would have solved that trouble by creating a content generator module, read the POST data, and create a sub request (could be a proxy request). One thing you will need to be aware of is the GET data will have to be limited. It's one of the reasons why POST came into existence. Joe -- Joe Lewis
Re: Doing a subrequest with ap_run_sub_req
On May 6, 2010, at 8:40 AM, Some Guy wrote: I wanted to do something similar, but the Apache 2 APIs require a request_rec* in the lookup_uri method. Tracing the code in request.c, it uses the passed in request_rec* in make_sub_request. The example Joe provided won't compile, and the request_rec can't be NULL otherwise the code will segfault. Any other ways to do this? There are many ways - you can use libCURL to make the request, or you can revisit the two code examples I gave you. One was from my memory, then realizing I had forgotten a lot of it, I scraped some code from a functional module. Did you notice both examples? The bottom one was just to point you in the right direction. I have simplified the other one that I had scraped from a functional module, and stuffed it into a fresh module generated by apxs -g -n subrequest, and it compiled quite nicely. The diff : 47a48,55 request_rec *subr; int return_code; subr = ap_sub_req_lookup_uri(/index.html,r,NULL); if ((subr != NULL) (subr-status == HTTP_OK)) { return_code = ap_run_sub_req(subr); ap_destroy_sub_req(subr); } I am presuming you copied and pasted my over simplified example at the bottom of my response rather than using the top code section. On Tue, Apr 20, 2010 at 4:35 PM, Joe Lewis j...@joe-lewis.com wrote: ((template_context *)f-ctx)-include_r = ap_sub_req_lookup_uri(uri,f-r,((template_context *)f-ctx)-include_filter); apr_table_setn(((template_context *)f-ctx)-include_r-notes,TEMPLATE_OVERRIDE_PARSER,-); if template_context *)f-ctx)-include_r != NULL) (((template_context *)f-ctx)-include_r-status == HTTP_OK)) { #ifdef DEBUG ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, f-r, mod_template: mod_template_include() - calling ap_run_sub_req()); On Apr 20, 2010, at 2:20 PM, markus.l...@dlr.de markus.l...@dlr.de wrote: Hi. Can I build a request completely free and send it with ap_run_sub_req? I could not find any good documentation or examples. Thanks Markus
Re: Doing a subrequest with ap_run_sub_req
On May 6, 2010, at 4:22 PM, Some Guy wrote: What we want to do is create the subrequest (or maybe just a request) without any previous request_rec* object. At least that is what I figured markus meant when he said build a request completely free. From the APIs, this does not seem possible, and using libCurl may be the better solution. Question: when is the code being called? On an incoming request? Or is this something you are trying to do with a pool clean up? Or init? Since this is an apache module, it will have some sort of a hook, most can work (e.g. filters will still have a request). So, if you don't have a request_rec structure anywhere because you are using the sub_request to log something to log something on a hook that has nothing to do with an incoming connection, it comes down to you building and populating the request_rec from scratch or using libcurl. It really depends on your ultimate objective here. Joe On Thu, May 6, 2010 at 12:40 PM, Joe Lewis j...@joe-lewis.com wrote: On May 6, 2010, at 8:40 AM, Some Guy wrote: I wanted to do something similar, but the Apache 2 APIs require a request_rec* in the lookup_uri method. Tracing the code in request.c, it uses the passed in request_rec* in make_sub_request. The example Joe provided won't compile, and the request_rec can't be NULL otherwise the code will segfault. Any other ways to do this? There are many ways - you can use libCURL to make the request, or you can revisit the two code examples I gave you. One was from my memory, then realizing I had forgotten a lot of it, I scraped some code from a functional module. Did you notice both examples? The bottom one was just to point you in the right direction. I have simplified the other one that I had scraped from a functional module, and stuffed it into a fresh module generated by apxs -g -n subrequest, and it compiled quite nicely. The diff : 47a48,55 request_rec *subr; int return_code; subr = ap_sub_req_lookup_uri(/index.html,r,NULL); if ((subr != NULL) (subr-status == HTTP_OK)) { return_code = ap_run_sub_req(subr); ap_destroy_sub_req(subr); } I am presuming you copied and pasted my over simplified example at the bottom of my response rather than using the top code section. On Tue, Apr 20, 2010 at 4:35 PM, Joe Lewis j...@joe-lewis.com wrote: ((template_context *)f-ctx)-include_r = ap_sub_req_lookup_uri(uri,f-r,((template_context *)f-ctx)-include_filter); apr_table_setn(((template_context *)f-ctx)-include_r-notes,TEMPLATE_OVERRIDE_PARSER,-); if template_context *)f-ctx)-include_r != NULL) (((template_context *)f-ctx)-include_r-status == HTTP_OK)) { #ifdef DEBUG ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, f-r, mod_template: mod_template_include() - calling ap_run_sub_req()); On Apr 20, 2010, at 2:20 PM, markus.l...@dlr.de markus.l...@dlr.de wrote: Hi. Can I build a request completely free and send it with ap_run_sub_req? I could not find any good documentation or examples. Thanks Markus
Re: dynamic module versioning
On Apr 26, 2010, at 7:33 AM, alin vasile wrote: Hi, How I can accomplish the dynami9c module versioning? For example I want to deliver mod_x.so.1.0.1. Where do I need to specify the version 10.0.1? Thanks, Alin So, create a tar ball entitled mod_x-10.0.1.tgz or something similar. Apache isn't going to care one way or another. The only cares for versioning are what you've compiled the module against, and any visual cues (e.g. the filename, or just defining a version string and using that. e.g. : #define MOD_X_VERSION 10.0.1 Then, wherever you want to attach the version string, just add the MOD_X_VERSION. Remember, apache doesn't care. If you want a resulting mod_x.so.10.0.1, just rename the .so file. apxs is just going to build the .so. Doing this will be the rare case, though. Do at your own risk. Joe
Re: Doing a subrequest with ap_run_sub_req
((template_context *)f-ctx)-include_r = ap_sub_req_lookup_uri(uri,f-r,((template_context *)f-ctx)-include_filter); apr_table_setn(((template_context *)f-ctx)-include_r-notes,TEMPLATE_OVERRIDE_PARSER,-); if template_context *)f-ctx)-include_r != NULL) (((template_context *)f-ctx)-include_r-status == HTTP_OK)) { #ifdef DEBUG ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, f-r, mod_template: mod_template_include() - calling ap_run_sub_req()); On Apr 20, 2010, at 2:20 PM, markus.l...@dlr.de markus.l...@dlr.de wrote: Hi. Can I build a request completely free and send it with ap_run_sub_req? I could not find any good documentation or examples. Thanks Markus I learn by reading a lot of examples. So, a very simple example : request_rec *req; intretval; ap_filter_t *filters; filters = NULL; req = ap_sub_req_lookup_uri(/robots.txt,filters); retval = ap_run_sub_req(req); Note that it sends the data back to the client, so if you are trying to capture the output of the sub request, you will have to create a filter that doesn't pass, but simply gathers the info. Joe
Re: DSO question
On Tue, March 9, 2010 6:43 am, Graf, László wrote: I have a shared library containing a function to calculate a multiple of 10. The header file (apr_dso_f.h): int f10(int p1); I use this library with an APR console application and it woks fine. OK. My module loads also this SO library at start-up. What I would like to have is when I access the URL /gl/f10?p1=2 to call the function f10 with 2 as parameter..., calculate the result and generate the HTML content containig 20. This means that, when I have the function's name (f10) and the parameter's value (2) from the request string I need to evaluate a statement like int n; n = f10(2); like EVAL in Perl or JavaScript and use then the n like a C variable. Is that possible? Can somebody help me? Yes. Programming 101. If using C, I'd reading up on the following things : Understand how to parse the request_rec-args (QUERY_STRING) to get the param. Read up on atoi to convert the text param value into an integer call directly the n = f10(variable); Joe
RE: Fighting with build process 2.2.x on Sparc Solaris 10
On Fri, March 5, 2010 3:41 pm, Thomas, Peter wrote: Getting further [in addition to pulling down the obvious additional dependency, libnet]: [snip] Undefined first referenced symbol in file __divdi3server/.libs/libmain.a(util_time.o) (symbol belongs to implicit dependency /usr/local/lib/libgcc_s.so.1) __moddi3server/.libs/libmain.a(util_time.o) (symbol belongs to implicit dependency /usr/local/lib/libgcc_s.so.1) __ashldi3 server/.libs/libmain.a(core.o) (symbol belongs to implicit dependency /usr/local/lib/libgcc_s.so.1) __ashrdi3 server/.libs/libmain.a(core.o) (symbol belongs to implicit dependency /usr/local/lib/libgcc_s.so.1) ld: fatal: Symbol referencing errors. No output written to httpd Those undefined symbols errors talk about the symbol belonging to an implicit dependency, libgcc_s.so.1. A quick google search shows that you are having trouble with libgcc.a. Just an additional note, you might want to try the users list, not the third-party modules devel list. That list will relate much better to compiling apache rather than to developing modules. Joe
Re: Multiple handlers for the same directory/location
Hi All, I'm looking into whether it's possible to reliably use multiple complimentary modules to handle the same directory or location. The basic idea is to create separate modules that might be individually reusable (e.g. one handles GETs, another might handle PUT and DELETE). The obvious (naïve) approach that comes to mind is something like: - Each registers with ap_hook_handler() - Multiple Directory/Location directives, each with its own SetHandler - In this scenario, the last configuration merged in wins (that's the SetHandler value that r-handler will have on an incoming request) However, since it's good practice to check handler name in the request and decline if it's not yours, the second handler would be prevented from ever processing anything. I can also imagine making this work by modifying (at least) one of the handlers so that it isn't configured via SetHandler, and instead uses a different directive (a la mod_dav's DAV on). In this scenario, I could use ap_hook_fixups() to do check that this is a request I really want, and set r-handler there. Before I try this out, I just wanted to find out if there are established practices for accomplishing something like this, or if there are enough problems that I should just not attempt it. One problem that I can think of offhand is that this probably makes it difficult to implement OPTIONS support properly. Any input would be much appreciated. Thanks, curt Sounds like you are looking for more of a configuration rather than a coding. See the LIMIT section for more info. Programmatically, just return declined if you don't want your handler to process the request. Joe
Re: Linking in libraries to Apache Module
Devin Ceartas wrote: The logic of my SQLite code works if I compile it as a stand-alone executable. My mod_hello.c compiles and loads/works fine without the SQLite code Combining the two, the module compiles and is installed, but the apache process dies immediately (core dump) every time it is loaded. Stripping out all the SQLite code and simply linking against SQLite causes this problem. In other words, with the same code: apxs -cia -L/usr/local/lib -I/home/devin mod_hello.c /* Works Fine, prints hello world */ apxs -cia -L/usr/local/lib -I/home/devin -lsqlite3 mod_hello.c /* compiles but dies on apache load */ The platform is OpenBSD 4.6 with the platform's version of Apache 1.3 and SQLite 3.6.20 downloaded from the SQLite site and compiled from source Since I'm just getting started with C apache modules, I assume I'm missing something basic. If using a Linux-based system, I'd suggest ensuring that ld.so.conf is setup to point to the directory or that the compile has the runtime path for the sqlite library. For example, I have added -rpath /usr/local/lib -rpath /usr/local/lib/mysql to my -L parameters for apxs to load mySQL external modules dynamically in the past. Linux-based systems also have an strace command that may be used to figure out what libraries are missing. -- Joe Lewis Chief Nerd SILVERHAWK http://www.silverhawk.net/ (801) 660-1900 /Rights that do not flow directly from duty well performed are not worth having. --Mohandas K. Gandhi/
Re: Debugging: child process 14446 still did not exit, sending a SIGTERM
Michael B Allen wrote: I have a customer who very occasionally sees apache workers hang. I'm pretty sure this is caused by an errant module but I don't know which one. Is there any way to determine which module is causing Apache workers to hang? Can I temporarily disable that SIGTERM so that I can have enough time to attach GDB to the hanging processes? Mike Perhaps run it in a non-forking mode (httpd -X -k start) inside of gdb and see what it hangs on? Joe -- Joe Lewis Chief Nerd SILVERHAWK http://www.silverhawk.net/ (801) 660-1900 /Computers in the future may weigh no more than 1.5 tons. --JPopular Mechanics, forecasting the relentless march of science, 1949/
Re: Debugging: child process 14446 still did not exit, sending a SIGTERM
Michael B Allen wrote: On Fri, Oct 16, 2009 at 1:10 PM, Joe Lewis j...@joe-lewis.com wrote: Michael B Allen wrote: I have a customer who very occasionally sees apache workers hang. I'm pretty sure this is caused by an errant module but I don't know which one. Is there any way to determine which module is causing Apache workers to hang? Can I temporarily disable that SIGTERM so that I can have enough time to attach GDB to the hanging processes? Mike Perhaps run it in a non-forking mode (httpd -X -k start) inside of gdb and see what it hangs on? If I run it in gdb like you suggest: # gdb httpd (gdb) run -X -k start I cannot get httpd to run module deinitialization. Meaning if I do apachectl stop or httpd -X -k stop or graceful-stop in another terminal, it just kills the whole process group. Since the problem is hanging during module deinitialization I don't think this is going to help me. How do I shutdown httpd so that it runs the module deinitialization routines? Otherwise does anyone have a web-svn pointer to the code that's calling the SIGTERM? Maybe I can find a way to disable it. Mike Disabling SIGTERM for apache would be akin to leaving the landing gear of your airplane on the ground when you take off. How are you going to properly shutdown apache if you completely kill the SIGTERM signals? The deinitialization - are you just not seeing the messages you'd normally see? Or did apache just terminate (which is normal in gdb, which causes the gdb session to terminate as well). Two possibilities - gdb and attach to a currently running child (and hope you get lucky), or strace the processes. -- Joe Lewis Chief Nerd SILVERHAWK http://www.silverhawk.net/ /The folly of intelligent people, clear-headed and narrow-visioned, has precipitated many catastrophies. --Alfred North Whitehead/
Re: Debugging: child process 14446 still did not exit, sending a SIGTERM
Michael B Allen wrote: On Fri, Oct 16, 2009 at 2:42 PM, Joe Lewis j...@joe-lewis.com wrote: Michael B Allen wrote: On Fri, Oct 16, 2009 at 1:10 PM, Joe Lewis j...@joe-lewis.com wrote: Michael B Allen wrote: I have a customer who very occasionally sees apache workers hang. I'm pretty sure this is caused by an errant module but I don't know which one. Is there any way to determine which module is causing Apache workers to hang? Can I temporarily disable that SIGTERM so that I can have enough time to attach GDB to the hanging processes? Mike Perhaps run it in a non-forking mode (httpd -X -k start) inside of gdb and see what it hangs on? If I run it in gdb like you suggest: # gdb httpd (gdb) run -X -k start I cannot get httpd to run module deinitialization. Meaning if I do apachectl stop or httpd -X -k stop or graceful-stop in another terminal, it just kills the whole process group. Since the problem is hanging during module deinitialization I don't think this is going to help me. How do I shutdown httpd so that it runs the module deinitialization routines? Otherwise does anyone have a web-svn pointer to the code that's calling the SIGTERM? Maybe I can find a way to disable it. Mike Disabling SIGTERM for apache would be akin to leaving the landing gear of your airplane on the ground when you take off. How are you going to properly shutdown apache if you completely kill the SIGTERM signals? SIGTERM should not be used to stop processes. A process should complete gracefully and call exit(2). Normally, this is what httpd does. However if a child process takes too long, something is sending a SIGTERM to *kill* the process. I assume this is Apache since it's writing a message in error_log to that effect. This is what I want to disable. Meaning, if a child process hangs, I want it to just sit there stuck forever until an operator can login and attach gdb to it. If I could find that part of the code, I might find a directive that controls how long Apache waits before it sends the SIGTERM. The deinitialization - are you just not seeing the messages you'd normally see? Or did apache just terminate (which is normal in gdb, which causes the gdb session to terminate as well). Right. I have an Apache module that writes to a separate log. When the module is deinitialized, information is written to the log. Without gdb, that information is correctly written to the log. When running in gdb, nothing is written to the log. It seems the entire process group is simply being killed. And thus the part of interest is not accessible. Mike The SIGTERMS are occurring because apache has already attempted to stop a process gracefully, and it isn't stopping. Rather than endlessly try and gracefully shutdown a child process, apache will presume that the process is just not going to respond. You can always try the worker MPM rather than the prefork MPM. As it stands, from the sound of the problem and the rarity of it (your previous descriptions), you are going to be hit and miss on tracking it down. You could potentially recompile all of the modules and apache itself (placing debug log lines in each one), but the problems may actually go away in that case. Especially if you switch versions. I do know that some distributions' versions of apache exhibited behavior similar to what you have described (specifically, SuSE), so I don't know if compiling a new version would alleviate the customer gripe. I only have two real suggestions : strace the processes, and hope the hard drive is big enough to capture the output from strace until the problems are encountered, or try upgrading the version of Apache. Joe -- Joe Lewis Chief Nerd SILVERHAWK http://www.silverhawk.net/ /With every passing hour our solar system comes forty-three thousand miles closer to globular cluster 13 in the constellation Hercules, and still there are some misfits who continue to insist that there is no such thing as progress. --Ransom K. Ferm/
Re: Run Subrequest
Jens Frey wrote: Hi all, i am trying to run a subrequest to a URI which get's proxied to check the return code of the machine the proxy points to (e.g. 200, 500). The problem now is that the proxy module answers the request, but the content i want to send is omitted, so the question is, how can i avoid that mod_proxy responds and instead my response is written, any ideas? I have done this before. The way I accomplished this was to place a filter into the subrequest that copies the data into a structure you have for it, and doesn't pass the brigade on to the regular filters. e.g. : static apr_status_t include_output_filter(ap_filter_t *f, apr_bucket_brigade *bb) { [loop through the buckets to get what you want, calling APR_BUCKET_REMOVE() after each] } Then, in your include function : ctx-include_filter = apr_palloc(f-r-pool,sizeof(ap_filter_t)); ctx-include_filter-ctx = current_filter; ctx-include_filter-next = NULL; (ctx)-include_filter-r = f-r; (ctx)-include_filter-c = f-r-connection; (ctx)-include_filter-frec = apr_palloc(f-r-pool,sizeof(ap_filter_rec_t)); memset((ctx)-include_filter-frec,0,sizeof(ap_filter_rec_t)); (ctx)-include_filter-frec-name = MYMOD-INCLUDE-WRAPPER; (ctx)-include_filter-frec-filter_func.out_func = include_output_filter; (ctx)-include_filter-frec-next = NULL; (ctx)-include_filter-frec-ftype = AP_FTYPE_RESOURCE; (ctx)-include_r = ap_sub_req_lookup_uri(uri,f-r,(ctx)-include_filter); This should give you what the subrequest returned, and since you use your own output filter that doesn't pass anything on, it won't send anything to the client. Joe -- Joe Lewis Chief Nerd SILVERHAWK http://www.silverhawk.net/ /Some say the glass is half empty, some say the glass is half full, I say, are you going to drink that? --Lisa Claymen/
Re: process initialisation in prefork-MPM
If only you had read the signature of the e-mail you just responded to regarding top-posting, your question would have appeared below the thread indicating that it does belong in this thread. ricardo13 wrote: HI, One question. How do I declare global variables ?? Thank you Ricardo Sorin Manolache wrote: On 2008-12-22, Andrej van der Zee andrejvander...@gmail.com wrote: Hi, I need to initialise some structures for each process (in prefork MPM) when it is created, and need to be able to access these structures in ap_hook_post_read_request and ap_hook_log_transaction handlers. I would like to initialise the structures before the first HTTP request is being served by the process. How should I do this? You hook child_init (ap_hook_child_init) and store your data in global variables that are accessed by post_read_request and log_transaction. S -- A: Because it reverses the logical flow of conversation. Q: Why is top-posting frowned upon? A: Top-posting. Q: What is the most annoying thing in e-mail? Here we go. Global variables. In the prefork MPM, you are going to have to use shared memory segments. When you start, the first time you run your post config, create a shared memory segment. Then, on the other post configs (from inside of each process), attach to the shared memory handle, and set a local variable to your shared memory structure. Joe -- Joe Lewis Chief Nerd SILVERHAWK http://www.silverhawk.net/ (801) 660-1900 /Honolulu - it's got everything. Sand for the children, sun for the wife, sharks for the wife's mother. --Ken Dodd/
Re: Probably OT. Difficulty implementing content handler Apache2
Bernard T. Higonnet wrote: Here's my system FreeBSD 7.1-RELEASE #0 Apache/2.2.8 (Unix) PHP/5.2.10 mod_perl/2.0.4 Perl/v5.8.8 I'm trying to create a content-handler. I know that Apache finds the handler because if there's a syntax error in the perl, Apache reports the error. If however, there is no syntax error, everything falls into a deep dark hole: the browser (Firefox 3.0a2 under FreeBSD and Firefox 3.5 under XP) shows a beautiful empty screen while both access and error logs for Apache have no knowledge of the request. IE6 under XP says This page cannot be displayed and asserts a server or DNS error. So I conclude that Apache sends nothing at all back to the browser. I know the feeling all too well. This happens no matter what the code is, code which I have lifted from the Internet such as http://cpansearch.perl.org/src/GOZER/mod_perl-2.0.1/docs/os/win32/config.pod) or http://www.gossamer-threads.com/lists/modperl/modperl/99882 The Apache conf file has this in it Location /public/footer SetHandler modperl PerlResponseHandler Apache2::Footer /Location I apologize for mailing to this list but have not found a better a place... TIA Bernard Higonnet After a few minutes of searching for some example code and slapping it together, I have an apache configuration that demonstrates the use of mod_perl : _CODE_START LoadModule perl_module modules/mod_perl.so PerlResponseHandler Apache2::example SetHandler modperl Perl package Apache2::example; use 5; use strict; use Apache2::RequestRec; use Apache2::RequestIO; use Apache2::Const -compile = qw(DECLINED OK LOG_DEBUG); use Apache2::Log -compile = qw(LOG_MARK); use APR::Const -compile = qw(ENOTIME); sub handler { my $r = shift(); # $r-log_rerror(Apache2::Log::LOG_MARK, Apache2::Const::LOG_DEBUG, APR::Const::ENOTIME, debug print); $r-log_error(debug print); if ($r-uri =~ m%^/my/uri/to/test%) { $r-content_type('text/html'); $r-puts(END); HTMLBODY H3Hello/H3 Hello from Bthis/B! /BODY/HTML END return Apache2::Const::OK; } return Apache2::Const::DECLINED; }; 1; /Perl _CODE_FINISH Just paste that into a .conf file and include the .conf file into your apache. Then, restart, and point a web browser to your server using the URI of /my/uri/to/test (e.g. http://example.com/my/uri/to/test). You should get a simple hello!, and see a debug print in your apache log file. Keep in mind, with a module name like Apache2::Footer, you probably want it to alter the content of a page to add a footer rather than create the complete content. The replies in the one thread you provided a link to mention content-handlers versus filters, but I think they meant content generators instead of handlers. The above is a content generator, not a filter, and as such may not be what you need, but should give you a good starting point. Joe -- Joe Lewis Chief Nerd SILVERHAWK http://www.silverhawk.net/ (801) 660-1900 /You hear people say it's not about the money? That's bull. I'm doing it for the money. -- John Kruk on accepting a job hosting a TV show on Fox Sports Net/
Re: [REALLY OT] How good is the mod_dosevasive default
Elison Smith wrote: Any experience how good this default works for the average website? I would prefer to not spend time making changes to this default. Thanks! Not a clue. We program on this list, not configure. The problem about how well the default settings perform for you depends on too many variables, and an in-depth knowledge of that particular module. I've never looked at the code, but the variables will include things like how many hits the webserver is going to take (rate), how much data is going to be transferred (volume), how much memory and it's speed, CPU processing power, disk I/O, mother or daughter boards, network connectivity speeds, limits, what connections are firewalled... I think you get the idea. No configuration is going to be alike. Your special case would require time, and experience with your special case. I always suggest starting with the defaults, and then modifying them as needed. Defaults are usually intended for generic and multi-purpose configurations. You can open up the source for the module and review it to see it's logic. If you have questions about the code and what things do, just ask, but always include the excerpt of code (you get farther by not asking someone to go out and find the thing, download it, etc). If you have questions about configuration, there are much better lists for those questions. Joe
Re: Module segfault on Ubuntu apache
Fabio Zund wrote: However, when I compile and test the module on the apache (also version 2.2.11) that comes with Ubuntu 9.04, all i get are segfaults. Does anyone know differences between the original apache and the Ubuntu apache version? What in my module could cause such errors? Unfortunately, I have never looked at the sources and patches used on ubuntu. I would suggest looking at the patches they include with their source installation. I think that would be a very good place to start. Additionally, debugging tools (e.g. gdb) might be a very good place to start. Your hints for the day : run gdb httpd (or whatever binary is used to start it, make sure you use the BINARY and not an init script), and then at the gdb prompt, enter run -X - this starts the binary in a single-instance mode. Point the browser to it and generate the errors. Then type bt to get a back trace. Outside of that and looking at the patches, I am unable to help. Joe
Re: error in the auth code? (I think I found the key piece of info)
Sam Carleton wrote: Ok, I think in my last email I covered up the actual problem by adding a CRLF. In the apache log file I am getting this: Invalid URI in request s:Envelope xmlns:s= http://schemas.xmlsoap.org/soap/envelope/;s:Body xmlns:xsi= http://www.w3.org/2001/XMLSchema-instance; xmlns:xsd= http://www.w3.org/2001/XMLSchema;getNode xmlns=urn:mmpp:catalogmgrnodeId xmlns=/ignoreActiveFlag xmlns=true/ignoreActiveFlaguserId xmlns=Sam/userId/getNode/s:Body/s:EnvelopePOST /axis2/services/CatalogMgr HTTP/1.1 If you look at the very end, there is the beginning of the second request: POST /axis2/services/CatalogMgr HTTP/1.1 How can these two requests get run together like this? Is some buffer in my Apache module not getting cleared correctly or is the client doing this? Remember the client is simply WCF C#. Sam I expect that the client is doing this. Since you are using C#, it will try and make every request under the same connection. With what you have described, it is more than likely a problem with the client trying to run things together. I'd try and force it to HTTP 1.0 (if you can) on the client side. That will force subsequent requests to the same server to create new TCP connections, rather than reusing. If that does work, then it is definitely in the client trying to bleed stuff together and not buffering properly. (That is actually what I expect). Joe
Re: error in the auth code? (I think I found the key piece of info)
Sam Carleton wrote: Ok, I think in my last email I covered up the actual problem by adding a CRLF. In the apache log file I am getting this: Invalid URI in request s:Envelope xmlns:s= http://schemas.xmlsoap.org/soap/envelope/;s:Body xmlns:xsi= http://www.w3.org/2001/XMLSchema-instance; xmlns:xsd= http://www.w3.org/2001/XMLSchema;getNode xmlns=urn:mmpp:catalogmgrnodeId xmlns=/ignoreActiveFlag xmlns=true/ignoreActiveFlaguserId xmlns=Sam/userId/getNode/s:Body/s:EnvelopePOST /axis2/services/CatalogMgr HTTP/1.1 If you look at the very end, there is the beginning of the second request: POST /axis2/services/CatalogMgr HTTP/1.1 How can these two requests get run together like this? Is some buffer in my Apache module not getting cleared correctly or is the client doing this? Remember the client is simply WCF C#. Sam One more note. If you are doing some input filtering, you might be the new request to the old filter data (tacking it onto the end of a pre-existing variable you had defined on a previous request). That might explain it from a server-side. The client side suggestions still stand, though it could be both. Joe
Re: error in the auth code?
Sam Carleton wrote: When I set a breakpoint on the my ap_hook_access_checker function to check the path, like a 2 second pause, than remove the breakpoint, the call to the Axis2/C code is just fine. When there is no pause I get an error 400. The only times I've ever seen a bad request is when I have manually typed the request method in wrong (e.g. I used lowercase instead of uppercase, and the request method was not recognized). If I were you, I'd drop some logging lines in to try and track down exactly where your module gets to (and if it really gets there), because this is such an odd one. Joe Lewis
Re: Regarding setup modules for server 2.2
fortanu82 wrote: Hi I have to completely replace the Apache 1.3 HTTP server with Apache 2.2. In Apache 1.3 modules like mod_fastcgi, mod_perl and mod_oprocmgr are present. Now I just wanted to confirm two things, 1) If our application does not use any CGI or perl scripts, Is it necessary to have the modules like mod_perl and mod_fastcgi to be present in the sever. Wrong list. This is a programming list, not the user list. But just so you don't go away empty handed, your application only requires mod_perl or mod_fastcgi if you hook into them from your apache module. 2) mod_oprocmgr is configured in Apache 1.3 and when I am looking to configure the mod_oprocmgr for Apache 2.2, the module (.so) file is not present. Now my question is - Is this module not required in Apache 2.2? If it is required, how could I install and configure this module. Apache is not allowed to release an oracle-specific module. You will have to install this on your own. Thanks! Joe -- Joe Lewis /Whenever people agree with me I always feel I must be wrong. --Oscar Wilde (1854-1900):/
Re: Set-Cookie
Marco Spinetti wrote: Thanks very much. So I have to use: apr_table_add(r-headers_out, Set-Cookie, co); apr_table_add(r-headers_out, Set-Cookie, co1); Rather than playing with a proxy or fireway gateway that could remove one of your set cookie headers (because you have multiple), you may want to combine the cookies into one. See the Message Headers section for more information : http://www.w3.org/Protocols/rfc2616/rfc2616-sec4.html#sec4.2 Joe Best regards. Marco Rainer Jung ha scritto: On 26.03.2009 10:07, Marco Spinetti wrote: Ok, I have to use apr_table_add instead od apr_table_set. So I should write: apr_table_add(r-headers_out, Set-Cookie, co); apr_table_add(r-headers_out, Set-Cookie, co1); If I write: apr_table_set(r-headers_out, Set-Cookie, co); apr_table_merge(r-headers_out, Set-Cookie, co1); is it right? What are the differences between the two approches? browser compatibility? Best regards Marco Whether to merge or add http://apr.apache.org/docs/apr/1.3/group__apr__tables.html depends on whether you need the various (header) values to get concatenated with , in between and the header send only once, or you want the headers multiple times, each time with a different value. What's right depends on the spec that defines the header. Set-Cookie requires the header once for each cookie to set. Regards, Rainer -- Joe Lewis Chief Nerd SILVERHAWK http://www.silverhawk.net/ (801) 660-1900 /If gun laws in fact worked% the sponsors of this type of legislation should have no difficulty drawing upon long lists of examples of crime rates reduced by such legislation. That they cannot do so after a century and a half of trying--that they must sweep under the rug the southern attempts at gun control in the 1870-1910 period% the northeastern attempts in the 1920-1939 period% the attempts at both Federal and State levels in 1965-1976--establishes the repeated% complete and inevitable failure of gun laws to control serious crime. --Senator Orrin Hatch% Chairman% Senate Judiciary Committee Subcommittee on the Constitution% 97th Cong.% 2d Sess.% The Right to Keep and Bear Arms% Committee Print I-IX% 1-23 (1982)./
Re: post_config on reload
Sorin Manolache wrote: On Fri, Mar 13, 2009 at 16:21, Andrej van der Zee andrejvander...@gmail.com wrote: Hi, Do not do this - a restart should be a restart, not a half of a restart. You should be reinitializing whatever you do on a restart as well as a start. That's the whole point. I have one phrase that should illustrate why : memory leak. For example, if your extension creates another thread or spawns another process and that other thread/process doesn't clean up on a restart and contains a memory leak, what good is restart to you? Restart has suddenly become pointless. It is good etiquette to honour the concept of a restart. Okay, point taken. My extension indeed creates a thread. How can I know that a user issues a restart? In other words, where can I kill my thread? Register a function with the cleanup of the conf pool. The conf pool is destroyed prior to a restart/kill/reload. You have an example in the code I've sent you. S Perfect answer! Unfortunately, the post_config is called twice on a restart, and with different memory pointers, so shared memory handles, mutexes, etc, those will all suddenly disappear. You'd be forced to initialize your post_config again or potentially segmentation fault the server. So, that is a good excuse to implement some extra code to handle restarting a thread anyway. Joe
Re: post_config on reload
Andrej van der Zee wrote: Hi, I was wondering if there is a solution for detecting a post_config invocation on behalf of apachctl restart instead of a clean start (in case of a restart, I do not want to initialise my stuff again). Do not do this - a restart should be a restart, not a half of a restart. You should be reinitializing whatever you do on a restart as well as a start. That's the whole point. I have one phrase that should illustrate why : memory leak. For example, if your extension creates another thread or spawns another process and that other thread/process doesn't clean up on a restart and contains a memory leak, what good is restart to you? Restart has suddenly become pointless. It is good etiquette to honour the concept of a restart. Joe
Re: Making mod_auth_digest mysql
Michele Waldman wrote: I'm doing this: RewriteEngine On RewriteCond %{REMOTE_USER} . RewriteRule ^.*$ - [S=1] RewriteRule ^.*$ http://domain/logged_out.html?%{N} [R] AuthType Digest AuthName account AuthUserFile /path/.htpasswd Require valid-user 1) The user is logged in. 2) The user logs out. 3) In ff, the user hits the backpage button. 4) The user gets a dialog box to login rather than being redirected. Michele Are you trying to get the user to be redirected if they are not logged in? It shouldn't require hacking apache or rewriting a module. Try turning off the authentication requirement for the /logged_out.html page. Then, on a 401, send them to the login page. Probably similar to : https://admin.sharktooth.org/account/ In this case, everything except the help files, and the utilities for assisting with logging in have been protected, while these resources have not. Is that what you are after? -- Joe Lewis Chief Nerd SILVERHAWK http://www.silverhawk.net/ (801) 660-1900 /You know there is a problem with the education system when you realize that out of the 3 R's only one begins with an R. --Dennis Miller/
Re: Making mod_auth_digest mysql
Michele Waldman wrote: There is not authentication requirement for logged_out it's in a higher directory. Okay, then. I'm afraid I am not understanding everything here. I doubt the wheel needs to be reimplemented, but it seems the push is in that direction. For my feeble mind, can you give a brief overview of what you are trying to accomplish? As I see it, you were creating a mod_auth_digest_mysql . This now feels completely different than just an authentication. -- Joe Lewis Chief Nerd SILVERHAWK http://www.silverhawk.net/ (801) 660-1900 /They're multi purpose. Not only do they put the clips on, but they take them off. --Pratt Whitney spokesperson explaining why the company charged the Air Force nearly $1,000 for an ordinary pair of pliers./
Re: Making mod_auth_digest mysql
Michele Waldman wrote: All the actual authentication if fine. I wouldn't rely on cookies for security. It sounds like cookies would be a fake security. I was thinking about creating a logout cookie. Then, the popup would only happen if the user hacked their cookies. Shame on them. But it seems like such a hack to me. I dread it. I'm not seeing in your example how that 401 error would be generated. What would the htaccess look like? [HTACCESS] #AllowOverride AuthConfig Order allow,deny Allow from all AuthName Protected System AuthType Basic AuthBasicProvider ldap AuthzLDAPAuthoritative off AuthLDAPUrl ldap://localhost/dc=localhost?mail?sub AuthLDAPBindDN cn=directoryuser,dc=localhost AuthLDAPBindPassword directoryuserpassword AuthLDAPGroupAttribute memberuid AuthCookieName VisitorID require valid-user ErrorDocument 401 /account/help/unauthorized.html RewriteEngine on RewriteCond %{HTTPS} !=on RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [L,R] [/HTACCESS] To document the file - the first stuff is actually for LDAP authentication, and mod_auth_cookie. The utility that sets the cookie never sets the cookie, on which the browser is supposed to remove it when closed. A log out is simply a cookie overwrite. However, if you wish to demonstrate your apache module programming prowess, you can always create a mod_auth_cookie module that sets a SESSION variable, and then pulls the credentials from the session data rather than from a cookie - it can be as secure as anything out on the Internet today, depending on how you configure it to go. It can be as complex or as simple as you wish to make it. (I prefer simple - it's easier to troubleshoot if you have problems.) Convoluted? -- Joe Lewis Chief Nerd SILVERHAWK http://www.silverhawk.net/ (801) 660-1900 /They give you a round bat and they throw a round ball. And tell you to hit it square. -- Willie Stargell/
Re: WELCOME to modules-dev@httpd.apache.org
dave wrote: Hi All, I'm having trouble with the server_rec-module_config variable and perhaps I am misunderstanding something. static void get_resource(void *module_config) { my_config *cfg = (my_config *)ap_get_module_config(module_config, my_module); printf(module_config: %d\n, cfg); //... } static int my_child_init(apr_pool_t *p, server_rec *s) { printf(init server_config: %d\n, s-module_config); get_resource(s-module_config); //... } static int my_handler(request_rec *r){ //... printf(request server_config: %d\n, r-server-module_config); get_resource(r-server-module_config); //... } So, how is the s-module_config being set? I hope you are creating it in the per-server config create function. Do you have that code for us to look at? Joe
Re: WELCOME to modules-dev@httpd.apache.org
dave wrote: I tried defining a merge callback for both the server level and the directory level, but that doesn't seem to change anything. -dave man...@gmail.com I understand - you are using both directory AND server side configs. directory configs do not get created until a request. And a merge should never return the same structure, meaning you should get new configs. Even the directory configs don't get created until the request comes in. In the handler, try setting two distinct variables, one to the server side and one to the directory config, and you should definitely see a difference. Well done! Joe
Re: WELCOME to modules-...@httpd.apache.org
dave wrote: Hi All, I'm having trouble with the server_rec-module_config variable and perhaps I am misunderstanding something. With your last post (the creation), it looks like you understand it well. Are you only creating one process? For example, run it with a -X parameter (to prevent fork()ing) so you can ensure that you aren't working across processes? Printing the PID along with the %d? Is the %d in the handler always the same? Joe
Re: Question about global data
Sorin Manolache wrote: On Mon, Feb 9, 2009 at 19:04, Thomas Moyer tmmo...@cse.psu.edu wrote: Is it possible to have some global data that is accessible to all request threads. Something like a socket is what I am interested in. For example, if I have a socket that opens a connection to another system, I would like to share this one open socket across all threads. If this isn't possible, what are other options for sharing something like a socket between multiple request threads. You simply declare a global variable in the source file. You open the connection either in post_config or in child_init hook. post_config is called when apache starts and each time the configuration is reloaded, and it is called before apache forks its children. post_config is called with the effective UID of the user who starts apache (typically root), while child_init is called with the effective UID defined in the User configuration directive (a non-privileged user, typically www-data or nobody). child_init is run once in each apache child upon child creation. So, in the first case, you would have one file descriptor shared by all processes, while in the second case you would have N open connections to your backend, where N is the number of apache processes. In any case, all threads in a process share the socket. S Just remember to control who writes with semaphores or mutexes - failure to do so will cause corrupt data, bad responses, etc. (BTW, I'd code this in a way that you could easily change to a proxy-type connection, where you connect to a local proxy, which controls which process/thread gets the single network socket, just in case you find that the file descriptors don't work in the way you think they do.) Joe
Re: Apache Version
John Hosie wrote: OK. I know there are good things about each. But in this day, is Apache 2 yet ready for prime time? Or are we best still using one of the flavors of Apache 1? Apache 2 is definitely ready. I think apache 2.2 is definitely ready for primetime. I'd stay away from 1.3 as it is primarily security fixes, AFAIK. Joe
Re: does ibm http server implement ALL the features of apache httpd
apache a wrote: this is what it tells on this page http://httpd.apache.org/docs/2.2/mod/mod_asis.html The contents of any file with a .asis extension will then be sent by Apache to the client with almost no changes. In particular, HTTP headers are derived from the file itself according to mod_cgihttp://httpd.apache.org/docs/2.2/mod/mod_cgi.htmlrules, so an asis file must include valid headers, and may also use the CGI Status: header to determine the HTTP response code. it says ALMOST no changes i was looking for absolutely no changes at all First, IBM is the group you wish to talk to regarding whether or not it supports, alters, etc., any data. As for the absolutely no changes, there should be absolutely no changes if you DON'T put any added modules in line (e.g. output filters, etc) into the mix. If you start playing with filters, the data can change, and it's the modules that really have control over what changes. Due to the modular form of apache, apache cannot guarantee anything. If you REALLY want absolute control, write your own web server. Again, if you desire to know what the IBM-compiled web server is capable of, please contact them. On this list, you may only get unofficial and word-of-mouth answers, which may or may not be accurate. It shouldn't take a rocket scientist to understand the concept that one should go to the producer to understand the product. Since IBM compiled it, they may have patches in there that effect the things you ask about. Joe
Re: debugging a timeout issue
Sam Carleton wrote: On Fri, May 9, 2008 at 12:23 AM, Graham Dumpleton [EMAIL PROTECTED] wrote: Since you see one request but not the second, one thing I would perhaps suggest doing is turn off KeepAlive and see if that makes a difference with the client. I am wondering, I do not see the timeout bug but my customer is seeing it. Does it make sense that the same client application configured the same way talking to Apache configured the same way might show different KeepAlive behavior? Sam Especially if it is based on a different (e.g. updated) .NET framework. The previous suggestions to utilize Wireshark or even tcpdump (if in the *nix world) will help you check the connection. IF the client has a network address translation or a firewall that ends up dropping a packet, you will see that with the network trace. (Get both halves - from the client and from the server, and compare them). -- Joseph Lewis http://sharktooth.org/
Re: perform a redirect in output filter
John Zhang wrote: I am using apache 2.0/2.2, in my output filter, I would like to have the ability to redirect. Some tests indicated that I can redirect to a page on the same site, but not to an external site. Here is my code for redirect: char* location = apr_table_get(r-headers_out, Location); //Note this Location is set by my filter during the process, so I know I need to do a redirect. if(location location[0]) { //r-status = 301; r-method = apr_pstrdup(r-pool, GET); r-method_number = M_GET; apr_table_unset(r-headers_in, Content-Length); ap_remove_output_filter(my_filter); ap_internal_redirect_handler(location, r); return APR_SUCCESS; } //tests: (if my site is http://localhost/foo) and when http://localhost/foo/bar.html (my test page)is loaded I want to redirect it to a) /foo/foo2/existing.html (works) b) http://localhost/foo/foo2/existing.html (works) c) http://www.google.com (does not work), instead I get http://localhost/foo displayed on the browser. Is there anything I did is incorrect? I noticed the method is called *internal_redirect*, but did not know another one for external redirect. An internal redirect should only work with internal redirects, and I do not know of an external. I expect that you will have to set the f-r-status to 302, and maybe return a small page saying that the doc moved. Have you uncommented the r-status line and commented out the internal_redirect line? How did that work? (Note: an output filter, probably shouldn't be calling a handler. You may want to destroy the bucket brigade, and then create a new bucket brigade with the error message.) Joe -- Joseph Lewis http://sharktooth.org/
Re: what should be done in a vhost_db module?
Robert Schulze wrote: Tom Donovan schrieb: In a threaded mpm, the same r-server struct is used by multiple requests simultaneously. It isn't safe to change anything in it on the fly. OK, thats a pity. I now tried to set several other variables (Host in r-headers_in, r-hostname, etc.) but all those settings did not set the hostname of the virtualhost. You can see that by inspecting /server-status/ and have a look at accesslogs. There will always be the main servername used instead of anything crafted from the module. In this way, this stuff is useless :-( Does anybody know, how to set the hostname for the virtualhost correctly, so that other modules might gather the correct info from the request? One more bad thing is, that one can't set the DocumentRoot without (once again) playing with the core configuration. Simply setting apr_table_set(r-subprocess_env, DOCUMENT_ROOT,/foo/var); is not enough, since that value will magically become overwritten by later work from apache :-( BTW: I looked at mod_vhost_alias, mod_vhost_dbi, mod_vhost_ldap, mod_vhost-modules to get knowledge about how to write a module and so on, so please point me to them :-) The magic all happens in the : ap_hook_translate_name hook. That is the function to examine to see what it does. -- Joseph Lewis http://sharktooth.org/
Re: Sending large file as attachment to clients
Subra A Narayanan wrote: Thanks for the replies guys. I will try ur suggestions once I get to work today. Just a few more questions: Check out the various filter/bucket brigade examples. This may do just what you want. I've used it to 'gate' the final sending for things ike throttling and keeping buggy telco bearer boxes happy. Dirk: Do you remember any filter/bucket off the top of ur head that I can look at? I would suggest perusing the source code for Nick Kew's mod_csv - a module that takes the contents of a .csv file and generates an HTML table. It utilizes bucket brigade creation. http://apache.webthing.com/mod_csv/ You should find a lot of useful bits of code in there. I'd still suggest the simple loop to see if that works better. Samuel was aiming the right direction. If you can read in pieces of the data to send, you should be able to loop over that reading a chunk of data, then sending it, then reading a chunk the same size (same block, for example), and continuing until the data has been sent. Try that to see if you obtain a different result. Joe: Do you mean this: while(!EOF) { Read chunk of data; ap_rwrite(objBuffer, bufferLen, request); } Can I use the ap_rwrite function for sending chunks of data too? Or should I be using some other function in the API for this? I will test out these suggestions and report my findings asap. Thanks! That is exactly what I meant. The ap_rwrite is a function I recently had to use for a file synchronization plugin for Apache, and it worked quite well (just my opinion, though). Test both to see which ways work faster, and which ways are just easier to understand. Joe
Re: Sending large file as attachment to clients
Subra A Narayanan wrote: Thanks for ur reply Samuel! Maybe you can read part of the blob with a function like MySQL's SUBSTR. I can easily read small chunks of data from my datastore. I guess the problem that I am trying to solve here - how to send chunks of data as a HTTP response without having to read in and store a large file/object in memory. Subra Samuel was aiming the right direction. If you can read in pieces of the data to send, you should be able to loop over that reading a chunk of data, then sending it, then reading a chunk the same size (same block, for example), and continuing until the data has been sent. Try that to see if you obtain a different result. Joe
Re: probleme with the Location tag
mohamed nadir belkhelfa wrote: Location /compressed!gzip/home/myusr/file.gz Ensure that you don't have a space between the less-than sign and location, and you may want to remove the exclamation point from the filename. If that doesn't work, try adding ap_log* lines to your location handler, just to see if you are getting there. Joe
Re: probleme with link a external library
mohamed nadir belkhelfa wrote: hello I am das new Web programming with the API apache1.3 and I want to link static library libwarc.a that I have personally created in my program mod_warc.c For this I add to my makefile (automatically generated by apxs-g-n)the line LIB = -lwarc the compilation has produced without problem and even the execution does not generate an error, My libraie contains several function and global variables (enum) The problem is that I arrived to display the content of my enum but in the moment to execute the fonction bless (this fonction call malloc for allocate the memory) NULL is returned but this fuction ( the memory is not allocated) I have try to link the library otherwise by adding the option -Wl -lwarc to apxs but i have always the same results I have tried to work with a dynamic library, I have compile my library with the option-fPIC, I create the library lbwarc.so and I added makefile the line LIB = usr/local/lib/libwarc.so but I have the same results as when the use of the library static I hope that I have clearly explained the problem. My static and dynamic library running normally if I call them in a normaly C program Please send me examples or linking static and dynamic libraries is clearly shown Thanks Should I respond twice since you sent the same message twice? I suggest looking for something like a mod_auth_mysql, which uses the MySQL client libraries, as your example. Pre-existing modules are always good. Or, visiting modules.apache.org and finding something like mod_auth_ibmdb2 and viewing the compilation package for something like EXTRA_FLAGS is always a good way. (HINT : You can always try googling for rpath, which is a common Linux method for linking to external/dynamic libraries). Or, since your desire is to open an so file, LoadFile may also come in handy (it's a directive in the configuration side of things to load an .so into the system). Joe -- Joseph Lewis http://sharktooth.org/ Divide the fire, and you will sooner put it out. - Publius Syrus
Re: mysql auth module
Seth Cherney wrote: OK, I signed onto this list about 4 months ago, and have never seen anything remotely close to my low level of skill posed as a Q on the list. I have been trying to rewrite a mysql login module to include more fields to check / update. Certain parts are quite easy, but, basically I could never finish since I understand nothing of controling memory use etc, and would probably wind up with mem bloat from ... How about posting the questions? We can try to walk you through things. I had a mod_sam which included about three different tables for authentication (checking a hosts table to see if they were allowed, checking the password, and also any restrictions, all from MySQL), so the resources are available to assist. (I would do this because the more people that understand a module, the easier it is for them to troubleshoot should they encounter a problem.) Joe -- Joseph Lewis http://sharktooth.org/ Divide the fire, and you will sooner put it out. - Publius Syrus
Re: mod_proxy chaining with a .pac file
Giovanni Donelli wrote: I am trying to make Apache follow the same rules as the browser Realize that the browser doesn't get the configurations for each website it visits, it only configures, then runs using the same configuration for every website. That means it should be easy to create a simple module that has a single configuration directive that points to the next proxy in the chain, something like WPADConfiguration http://secondproxyserver.example.com/my-proxy-file.pac And then just configure mod_proxy, mod_proxy_http, and create a handler that prefaces all URL's with the proxy: string, set the proxyreq setting in the request_rec to an appropriate value, and return 1 to allow mod_proxy to handle the rest of it. Joe On Jan 23, 2008 2:34 PM, Joe Lewis [EMAIL PROTECTED] wrote: Giovanni Donelli wrote: Take this pac file: $ curl http://wpad.wws.lan/wpad.dat function FindProxyForURL(url, host) { // simple hostname if (dnsDomainLevels(host) == 0) {return DIRECT;} // match Host against local domains (w/ optional :port) var dom = /(127\.\d+\.\d+\.\d+|\.wws\.lan\.?|\.local\.?)(:\d+)?/; if(dom.test(host)) { return DIRECT; } // All other requests go through port 8080 of proxy // should that fail to respond, go direct: return PROXY proxy.wws.lan:8080; DIRECT; } Obviously the browser needs to evaluate the URL each time it wants to make an http request. So I want to do that in my proxy. Currently proxy chaning in mod_proxy supports only say: ProxyRemote * x.y.z.w Now not having found mod_proxy can help me in that, I thought about writing a mod that in apache would interpret a pac file. In my configuration, the browser can not be aware of the pac file, only my proxy. I tried to explain you what was my project doing, instead of asking how override the connection to a server. if this is not a subject of interest of this group, I do apologize for having misunderstood the aim of it. However I still don't understand why this should be offtopic. Giovanni PS: I couldn't figure out a way to search into archives from http://mail-archives.apache.org/mod_mbox/httpd-modules-dev/. I used google site: option, and found no entry for pac or wpad. On Jan 22, 2008 6:20 PM, Joe Lewis [EMAIL PROTECTED] wrote: First, I want to apologize for keeping this off-topic conversation one last time on the mailing list. I think if we allow this to be archived, any questions should be more easily answered using archives, hopefully reducing our work load. Giovanni Donelli wrote: Hi Thanks for your reply. I do apologize for not being clear. I will try to restate what I want to achieve. For the sake of this discussion allow me to simplify the browser/internet interaction as follows: User enters URL in browser - **browser resolves domain name** - connect to server x - HTTP request In the way the browser **resolves** the DNS is where the pac file is used. You may want to read and understand the specification first. Remember that browsers do not reconfigure each time a page is hit - they obtain the configuration once (via a direct URL to a .pac, a DHCP response, or a DNS lookup for a wpad hostname - it's in the spec). The only time in those activities that apache could be involved is in the direct URL to a .pac file - and it's a static .pac file you drop on the web server, or serve the proxy.dat file that the DHCP specified or the DNS method is trying to find. In any way, nothing according to apache is occurring that is dynamic - it's just serving a .pac or .dat file. Which means there is no need to set up an apache module that handles stuff like this unless you are really crazy and want to construct a dynamically generated .pac/.dat file (I would not suggest this). If that is the direction you want to go, we may be able to assist - however, I doubt that is what you want. Most proxy servers have static IP addresses, which means the .pac/.dat file should be static as well. Once again, may apologies to those who are expecting module development assistance in this as we're not sure we even need it yet. Joe -- Joseph Lewis http://sharktooth.org/ Divide the fire, and you will sooner put it out. - Publius Syrus Are you trying to make Apache follow the same rules as the browser when it proxies (as in a proxy that uses a proxy), or just trying to set it up? (as in double proxy)? Joe -- Joseph Lewis http://sharktooth.org/ Divide the fire, and you will sooner put it out. - Publius Syrus -- Joseph Lewis http://sharktooth.org/ Divide the fire, and you will sooner put it out. - Publius Syrus
Re: mod_proxy chaining with a .pac file
Ralf Mattes wrote: On Wed, 2008-01-23 at 11:12 -0700, Joe Lewis wrote: Giovanni Donelli wrote: I am trying to make Apache follow the same rules as the browser Realize that the browser doesn't get the configurations for each website it visits, it only configures, then runs using the same configuration for every website. Realize that, since a .pac file is a ECMA-Script program, that configuration can (and often will) be dynamic. The proxy needs to be determined for each request. That means it should be easy to create a simple module that has a single configuration directive that points to the next proxy in the chain, something like WPADConfiguration http://secondproxyserver.example.com/my-proxy-file.pac And then just configure mod_proxy, mod_proxy_http, and create a handler that prefaces all URL's with the proxy: string, set the proxyreq setting in the request_rec to an appropriate value, and return 1 to allow mod_proxy to handle the rest of it. No - that's too simple. The module needs to run the JS function for each request and has to be able to dynamically set the proxy. Indeed - I had completely forgotten about that. Isn't there a javascript library could be connected into, or should the module be written in perl to use that? I suppose parsing the file manually would work. But I don't like reinventing wheels. Joe -- Joseph Lewis http://sharktooth.org/ Divide the fire, and you will sooner put it out. - Publius Syrus
Re: [Module Dev] Sending http request
karim Bendadda wrote: First I'd like to thank you very much Joe for help... I have a begineer question: *3) allow apache to handle the rest of the request*. Is that mean return 1 because when I tried this I had an error...and when I tried return OK I had nothing... (I don't remember if I responded, so I am responding [again if I already did]). Check your http proxy settings. You need to have it configured. Check your apache error_log for errors. Joe that's my code: *static int my_module_handler (request_rec *r) { char *url = apr_pstrdup(r-pool,http:\\10.12.23.5\irj\test); r-filename = apr_pstrcat(r-pool, proxy:, url, NULL); return 1; } static void **my_module**_hooks(apr_pool_t *pool){ ap_hook_handler(**my_module**_handler, NULL, NULL, APR_HOOK_FIRST); } module AP_MODULE_DECLARE_DATA **my_module**_module = { STANDARD20_MODULE_STUFF, NULL, NULL, auth_chorus_config, NULL, **my_module**_cmds, **my_module**_hooks };* Thanks On Jan 17, 2008 4:01 PM, Joe Lewis [EMAIL PROTECTED] wrote: karim Bendadda wrote: Hi All; I tried this *request_rec *subr = ap_sub_req_lookup_uri(url, r, NULL); apr_table_set( subr-headers_out, Location, url ); ap_log_rerror( APLOG_MARK, APLOG_ERR, 0,r, sub request status: %i,subr-status ); ap_run_sub_req(subr);* I have the following error: *[Thu Jan 17 07:11:25 2008] [error] [client 10.75.197.168 ] File does not exist: /usr/local/apache2/htdocs/my_module* I think because the external server is not on the same site..I read the paragraph 6.3 Diverting a Request: The internal redirect ...I think there is no external redirect for http requests... Any suggestion please?? That error and assumption are correct. As Ray stated, the ap_sub_req_lookup_uri only works if the URI is on the local server's apache. (It is a URI vs. URL concept - the URI does not include the http://servername piece of the URL.) Instead, try a simple : r-filename = apr_pstrcat(r-pool, proxy:, url, NULL); return 1; (this example was stolen from mod_rewrite, which was the only core module that I was aware of that included a send to proxy command). Just set the URL to what the client would have been grabbing if it was redirected to the right page. For example, if the client is trying to get the page http://corvette.sharktooth.org/status.html , the resulting line would be : url = apr_pstrdup(r-pool,http://corvette.sharktooth.org/status.html;); r-filename = apr_pstrcat(r-pool, proxy:, url, NULL); return 1; (this could also be shortened - what the three lines do are 1) get/set the URL, which should be set in your case already, 2) preface the URL with proxy:, which is an indicator to proxy the request elsewhere, and 3) allow apache to handle the rest of the request). Try it and let us know if that works for you. Joe -- Joseph Lewis http://sharktooth.org/ Divide the fire, and you will sooner put it out. - Publius Syrus -- Joseph Lewis http://sharktooth.org/ Divide the fire, and you will sooner put it out. - Publius Syrus
Re: [Module Dev] Sending http request
karim Bendadda wrote: Thanks Joe for answer... I'm sure it's not a proxy problem; I'm using wireshark to look at HTTP TCP requests and my Apache doesn't send anything... And there is nothing on the error_log file... It's strange that sending requests ton an URL are not expected on Apache... I almost forgot. Try setting the r-proxyreq to PROXYREQ_PROXY or PROXYREQ_REVERSE, and see if that does anything (before returning 1). (I had to look at the mod_rewrite.c file as that is what I am using as an example.) Joe On Jan 22, 2008 7:25 PM, Joe Lewis [EMAIL PROTECTED] wrote: karim Bendadda wrote: First I'd like to thank you very much Joe for help... I have a begineer question: *3) allow apache to handle the rest of the request*. Is that mean return 1 because when I tried this I had an error...and when I tried return OK I had nothing... (I don't remember if I responded, so I am responding [again if I already did]). Check your http proxy settings. You need to have it configured. Check your apache error_log for errors. Joe that's my code: *static int my_module_handler (request_rec *r) { char *url = apr_pstrdup(r-pool,http:\\10.12.23.5\irj\test); r-filename = apr_pstrcat(r-pool, proxy:, url, NULL); return 1; } static void **my_module**_hooks(apr_pool_t *pool){ ap_hook_handler(**my_module**_handler, NULL, NULL, APR_HOOK_FIRST); } module AP_MODULE_DECLARE_DATA **my_module**_module = { STANDARD20_MODULE_STUFF, NULL, NULL, auth_chorus_config, NULL, **my_module**_cmds, **my_module**_hooks };* Thanks On Jan 17, 2008 4:01 PM, Joe Lewis [EMAIL PROTECTED] wrote: karim Bendadda wrote: Hi All; I tried this *request_rec *subr = ap_sub_req_lookup_uri(url, r, NULL); apr_table_set( subr-headers_out, Location, url ); ap_log_rerror( APLOG_MARK, APLOG_ERR, 0,r, sub request status: %i,subr-status ); ap_run_sub_req(subr);* I have the following error: *[Thu Jan 17 07:11:25 2008] [error] [client 10.75.197.168 ] File does not exist: /usr/local/apache2/htdocs/my_module* I think because the external server is not on the same site..I read the paragraph 6.3 Diverting a Request: The internal redirect ...I think there is no external redirect for http requests... Any suggestion please?? That error and assumption are correct. As Ray stated, the ap_sub_req_lookup_uri only works if the URI is on the local server's apache. (It is a URI vs. URL concept - the URI does not include the http://servername piece of the URL.) Instead, try a simple : r-filename = apr_pstrcat(r-pool, proxy:, url, NULL); return 1; (this example was stolen from mod_rewrite, which was the only core module that I was aware of that included a send to proxy command). Just set the URL to what the client would have been grabbing if it was redirected to the right page. For example, if the client is trying to get the page http://corvette.sharktooth.org/status.html , the resulting line would be : url = apr_pstrdup(r-pool,http://corvette.sharktooth.org/status.html ); r-filename = apr_pstrcat(r-pool, proxy:, url, NULL); return 1; (this could also be shortened - what the three lines do are 1) get/set the URL, which should be set in your case already, 2) preface the URL with proxy:, which is an indicator to proxy the request elsewhere, and 3) allow apache to handle the rest of the request). Try it and let us know if that works for you. Joe -- Joseph Lewis http://sharktooth.org/ Divide the fire, and you will sooner put it out. - Publius Syrus -- Joseph Lewis http://sharktooth.org/ Divide the fire, and you will sooner put it out. - Publius Syrus -- Joseph Lewis http://sharktooth.org/ Divide the fire, and you will sooner put it out. - Publius Syrus
Re: [Apache Module] Request External Redirection
Dr. Peter Poeml wrote: On Mon, Jan 14, 2008 at 03:50:25PM +0100, karim Bendadda wrote: Thanks for your answer! But I don't understand the second way to implement it?? it can respond with a Location: header and a status of 302.?? On 1/14/08, Joe Lewis [EMAIL PROTECTED] wrote: karim Bendadda wrote: I'm writing a module (MyModule_mod.c) wich has an *HTTP request* as input . I want to add an information to the request (an integer) and redirect it to an *external *server ...Did you know any method for doing this? There are two paths. The server can PROXY to the external server (e.g. grab the result from the external server and then relay that to the client) or it can respond with a Location: header and a status of 302. Figure out which you wanted to do, and if you struggle to implement it, let us know. In your handler, you would do something like this to implement the latter: /* set a Location: header and 302 redirect. */ /* assemble the url by appending the filename to a baseurl */ uri = apr_pstrcat(r-pool, baseurl, filename, NULL); apr_table_setn(r-headers_out, Location, uri); return HTTP_MOVED_TEMPORARILY; Peter Exactly! What it does is forces the web client to go to the external server and request the resource/URI rather than the web server getting it for the web client. It's a standard in the HTTP protocols that 302 response codes work in a specific fashion. Joe -- Joseph Lewis http://sharktooth.org/ Divide the fire, and you will sooner put it out. - Publius Syrus
Re: [Apache Module] Request External Redirection
karim Bendadda wrote: Thank you for your help! How can I call the Redirect directive into the module??, In fact in the module I have a function that make an LDAP connection I want to do something like that: request_rec* my_request; //The request with new information if(my_function(user_is_defined_in_ldap)==true) Redirect my_request new_Url else Do_nothing Do_nothing should be return DECLINED in the handler. Redirect my_request new_URL should be almost verbatim the code that the Doc (Peter Poeml) included. Let me just snip down through to his example to make it a little more obvious. In your handler, you would do something like this to implement the latter: /* set a Location: header and 302 redirect. */ /* assemble the url by appending the filename to a baseurl */ uri = apr_pstrcat(r-pool, baseurl, filename, NULL); apr_table_setn(r-headers_out, Location, uri); return HTTP_MOVED_TEMPORARILY; And there is the how to. Recall, though, that this kind of thing shouldn't be in an input filter, but a handler. (It may, in theory, be workable in a filter, but a filter is supposed to alter input not handle requests, and a handler is supposed to give the response of the 302 or data or decline to handle it.) Joe -- Joseph Lewis http://sharktooth.org/ Divide the fire, and you will sooner put it out. - Publius Syrus
Re: [Apache Module] Request External Redirection
karim Bendadda wrote: I did that , I have a redirection to the new url but it seems that it's just a redirection , the HTTP request doesn't get in the new URl: there is my code: The only two options again are to proxy to the external server, or redirect the client to the external server. If you don't want a redirection at the web browser, you will have to proxy the request. I do not know about setting up a hook into mod_proxy to have a request proxied - it's something I've never done, but there should be many people who have done it. Anyone with any short examples? Joe -- Joseph Lewis http://sharktooth.org/ Divide the fire, and you will sooner put it out. - Publius Syrus
Re: [Apache Module] Request External Redirection
karim Bendadda wrote: How can I see if my module really redirect the request?? (by the ap_log_error for example) Thank you very much for your precisous help! You should see the URL change in the browser to the new location. -- Joseph Lewis http://sharktooth.org/ Divide the fire, and you will sooner put it out. - Publius Syrus
Re: [Apache Module] Request External Redirection
karim Bendadda wrote: Sorry but I'm a beginer on developping Apache modules...Thank you for your patience... I dont't understand this: /* set a Location: header and 302 redirect. */ Does'it mean to make this??: No, that is just a C comment. Location /my_module Redirect /my_module http://10.112.3.20/test /Location This is a pre-build hard coded redirection module that does something very similar to : static int my_module_handler (request_rec *r){ /* assemble the url by appending the filename to a baseurl */ uri = apr_pstrcat(r-pool, http://10.112.3.20/test;, my_module, NULL);/**/ apr_table_setn(r-headers_out, my_module, uri); return HTTP_MOVED_TEMPORARILY; } However, you have two things that are wrong in your code. The resulting uri would be http://10.112.3.20/testmy_module; because the apr_pstrcat() function tacks the two strings together. If you already know the full URL, you can skip the uri= line and set the headers_out. Which brings up the other issue. The apr_table_setn must be setting a Location header in order to meet the redirection standard. Yours is setting my_module. Replace my_module with Location, and then whatever is in the uri parameter is going to the web browser as the location header, and it should contact the new server/resource. Joe -- Joseph Lewis http://sharktooth.org/ Divide the fire, and you will sooner put it out. - Publius Syrus
Re: Problem with directives
karim Bendadda wrote: *Location /name_module url http:\\10.114.20.8\myopenldap port 389 baseDn someone /Location* I'm not sure port is the best one to use. Perhaps something more specific to your module, such as MyLDAPPort, or even relying on the ldaputil.c settings to set up that information for you. *typedef struct mod_name{ apr_pool_t*mpool; const char *url_LDAP; ** int num_port; const char *base_dn; }mod_name_conf; It appears that someone's keyboard put in a few extra asterisks on that. I see too many on a num_port line. *static const command_rec **name**_cmds[] = { AP_INIT_TAKE1(url**, ap_set_string_slot, (void*)APR_OFFSETOF(mod_auth_conf, url_LDAP), OR_ALL, url of openldap), AP_INIT_TAKE1(port, ap_set_int_slot, (void*)APR_OFFSETOF(mod_auth_conf, num_port), OR_ALL, port of openldap), AP_INIT_TAKE1(**baseDn**, ap_set_string_slot, (void*)APR_OFFSETOF(mod_auth_conf, base_dn), OR_ALL, base DN of LDAP), {NULL} }; One - I see WAY too many asterisks. There should be no asterisks in the directive lines. Please remove them, and choose better directives. Preface those directives with something more specific, please. For example, if you LDAP module is a translate function that uses LDAP to specify which file to retrieve, then you might call the directives LDAPTranslateURL, LDAPTranslatePort, and LDAPTranslateBaseDN (this is just a set of examples). Joe